DMVPN配置实例

PE端配置
crypto keyring cnc-key vrf cnc
pre-shared-key address 0.0.0.0 0.0.0.0 key cisco
!
crypto isakmp policy 10
hash md5
authentication pre-share
crypto isakmp key cisco address 0.0.0.0
crypto isakmp invalid-spi-recovery
crypto isakmp keepalive 20 10 periodic
crypto isakmp profile cnc-profile
vrf cnc
keyring cnc-key
match identity address 0.0.0.0 cnc
!
!
crypto ipsec transform-set cisco esp-des esp-md5-hmac
mode transport require
!
crypto ipsec profile cisco
set transform-set cisco
!
crypto ipsec profile cnc-ipsec
set transform-set cisco
set isakmp-profile cnc-profile
!
针对PE端同一路由器接多个运营商情况
ip vrf cnc
rd 65000:1

interface GigabitEthernet0/1
description CNC access
ip vrf forwarding cnc
ip address 58.250.29.134 255.255.255.192

ip route vrf cnc 0.0.0.0 0.0.0.0 58.250.29.129

优电信
track 84 ip sla 84 reachability

interface Tunnel1084
ip address 10.50.1.77 255.255.255.252
no ip redirects
ip mtu 1400
ip nhrp authentication 123
ip nhrp map multicast dynamic
ip nhrp network-id 1084
ip nhrp holdtime 300
ip tcp adjust-mss 1360
tunnel source GigabitEthernet0/0
tunnel mode gre multipoint
tunnel key 1084
tunnel protection ipsec profile cisco shar

!
ip route 172.27.84.0 255.255.254.0 10.50.1.78 track 84

ip sla 84
icmp-echo 10.50.1.78 source-ip 10.50.1.77
threshold 10
frequency 10
ip sla schedule 84 life forever start-time now

优联通
track 593 ip sla 593 reachability

interface Tunnel5113
ip address 10.30.1.77 255.255.255.252
no ip redirects
ip mtu 1400
ip nhrp authentication 123
ip nhrp map multicast dynamic
ip nhrp network-id 5113
ip nhrp holdtime 300
ip tcp adjust-mss 1360
tunnel source GigabitEthernet0/1
tunnel mode gre multipoint
tunnel key 5113
tunnel vrf cnc
tunnel protection ipsec profile cnc-ipsec shar
!
ip route 172.29.113.0 255.255.255.0 10.30.1.78 track 593

ip sla 593
icmp-echo 10.30.1.78 source-ip 10.30.1.77
threshold 10
frequency 10
ip sla schedule 593 life forever start-time now

 

CE端配置
crypto isakmp policy 10
hash md5
authentication pre-share
crypto isakmp key cisco address 0.0.0.0 0.0.0.0
crypto isakmp invalid-spi-recovery
crypto isakmp keepalive 20 10 periodic
!
!
crypto ipsec transform-set cisco esp-des esp-md5-hmac
mode transport
!
crypto ipsec profile cisco
set transform-set cisco
!


固定IP
interface Tunnel1084
ip address 10.50.1.78 255.255.255.252
no ip redirects
ip mtu 1400
ip nhrp authentication 123
ip nhrp map multicast 183.62.215.4
ip nhrp map 10.50.1.77 183.62.215.4
ip nhrp network-id 1084
ip nhrp holdtime 300
ip nhrp nhs 10.50.1.77
ip tcp adjust-mss 1360
tunnel source g0/0/0
tunnel mode gre multipoint
tunnel key 1084
tunnel protection ipsec profile cisco shar


PPPOE拨号
interface Tunnel1079
ip address 10.50.1.58 255.255.255.252
no ip redirects
ip mtu 1400
ip nhrp authentication 123
ip nhrp map multicast 183.62.215.4
ip nhrp map 10.50.1.57 183.62.215.4
ip nhrp network-id 1079
ip nhrp holdtime 300
ip nhrp nhs 10.50.1.57
ip tcp adjust-mss 1360
tunnel source Dialer1
tunnel mode gre multipoint
tunnel key 1079
tunnel protection ipsec profile cisco shar

 

posted @ 2020-03-16 13:56  Me-lihu  阅读(693)  评论(0编辑  收藏  举报