ROUTER DMVPN mGRE CONFIGURATION

This lab presents the configuration of DMVPN (Dynamic Multipoint VPN), a site-to-site IPsec VPN between Cisco routers.

The configuration was implemented according to the topology shown in the image.

Router Model: Cisco 886-K9, Cisco 2811-K9
IOS Version: 15.2
Subject: Configure DMVPN mGRE IPsec between routers
Category LAB: VPN Technology

SITE 1 Cisco Router 886

version 15.2
no service pad
service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime
service password-encryption
!
hostname CISCO-886-LABBOOK
!
boot-start-marker
boot-end-marker
!
enable secret labbook123
!
no aaa new-model
!
crypto isakmp policy 10
 hash md5
 authentication pre-share
crypto isakmp key $LABB__K$ address 0.0.0.0       
!
!
crypto ipsec transform-set strong esp-3des esp-md5-hmac
 mode tunnel
!
crypto ipsec profile LABBOOK
 set security-association lifetime seconds 900
 set transform-set strong
!
!
!
!
!
interface Tunnel0
 bandwidth 1024
 ip address 10.10.10.2 255.255.255.252
 no ip redirects
 ip mtu 1400
 ip nhrp authentication $LABBook$
 ip nhrp map multicast dynamic
 ip nhrp map multicast 75.75.75.35
 ip nhrp map 10.10.10.1 75.75.75.35
 ip nhrp network-id 1
 ip nhrp nhs 10.10.10.1
 ip nhrp registration no-unique
 ip tcp adjust-mss 1360
 tunnel source Dialer1
 tunnel destination 75.75.75.35
 tunnel key 0
 tunnel protection ipsec profile LABBOOK
!
!
interface ATM0
 no ip address
 no atm ilmi-keepalive
 no shutdown
!
interface ATM0.1 point-to-point
 pvc 8/35
  pppoe-client dial-pool-number 1
 !
!
interface Vlan1
 ip address 192.168.5.1 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 ip nat inside
 ip virtual-reassembly in
 ip tcp adjust-mss 1452
 hold-queue 1500 in
 no shutdown
!
interface Vlan2
 ip address 192.168.6.1 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 ip nat inside
 ip virtual-reassembly in
 ip tcp adjust-mss 1452
 hold-queue 1500 in
 no shutdown
!
interface Dialer1
 mtu 1492
 ip address negotiated
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip virtual-reassembly in
 encapsulation ppp
 dialer pool 1
 dialer idle-timeout 0
 dialer-group 1
 ppp authentication chap callin
 ppp chap hostname labbook@labbook.gr
 ppp chap password 0 labbook123
 no cdp enable
 hold-queue 1500 in
 no shutdown
!
!
router eigrp 123
 network 10.10.10.0 0.0.0.3
 network 192.168.5.0
 network 192.168.6.0
 passive-interface Dialer1
 passive-interface ATM0
!
!
!
ip nat inside source list 190 interface Dialer1 overload
ip route 0.0.0.0 0.0.0.0 Dialer1
!
!
!
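! NAT source list: match each inside /24 with a wildcard mask
! (the "host" keyword would match only the single address x.x.x.0)
access-list 190 permit ip 192.168.5.0 0.0.0.255 any
access-list 190 permit ip 192.168.6.0 0.0.0.255 any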
!
!
end

------------------------------------------------------------------------

SITE 2 Cisco Router 2811

version 15.2
no service pad
service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime
service password-encryption
!
hostname CISCO-2811-LABBOOK
!
boot-start-marker
boot-end-marker
!
enable secret labbook123
!
no aaa new-model
!
crypto isakmp policy 10
 hash md5
 authentication pre-share
crypto isakmp key $LABB__K$ address 0.0.0.0       
!
!
crypto ipsec transform-set strong esp-3des esp-md5-hmac
 mode tunnel
!
crypto ipsec profile LABBOOK
 set security-association lifetime seconds 900
 set transform-set strong
!
!
!
!
!
interface Tunnel0
 bandwidth 1024
 ip address 10.10.10.1 255.255.255.252
 no ip redirects
 ip mtu 1400
 ip nhrp authentication $LABBook$
 ip nhrp map multicast dynamic
 ip nhrp network-id 1
 ip tcp adjust-mss 1360
 tunnel source Dialer1
 tunnel mode gre multipoint
 tunnel key 0
 tunnel protection ipsec profile LABBOOK
!
!
!
interface ATM0
 no ip address
 no atm ilmi-keepalive
 no shutdown
!
interface ATM0.1 point-to-point
 pvc 8/35
  pppoe-client dial-pool-number 1
 !
!
interface fastethernet0/0
 ip address 192.168.3.1 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 ip nat inside
 ip virtual-reassembly in
 ip tcp adjust-mss 1452
 hold-queue 1500 in
 no shutdown
!
interface fastethernet0/1
 ip address 192.168.4.1 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 ip nat inside
 ip virtual-reassembly in
 ip tcp adjust-mss 1452
 hold-queue 1500 in
 no shutdown
!
interface Dialer1
 mtu 1492
 ip address negotiated
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip virtual-reassembly in
 encapsulation ppp
 dialer pool 1
 dialer idle-timeout 0
 dialer-group 1
 ppp authentication chap callin
 ppp chap hostname labbook2@labbook.gr
 ppp chap password 0 labbook123
 no cdp enable
 hold-queue 1500 in
 no shutdown
!
!
router eigrp 123
 network 10.10.10.0 0.0.0.3
 network 192.168.3.0
 network 192.168.4.0
 passive-interface Dialer1
 passive-interface ATM0
!
!
!
ip nat inside source list 190 interface Dialer1 overload
ip route 0.0.0.0 0.0.0.0 Dialer1
!
!
!
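! NAT source list: match each inside /24 with a wildcard mask
! (the "host" keyword would match only the single address x.x.x.0)
access-list 190 permit ip 192.168.3.0 0.0.0.255 any
access-list 190 permit ip 192.168.4.0 0.0.0.255 any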
!
!
end
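
An added example, not part of the original lab: a small Python check that reads an IOS configuration and reports the IKE/IPsec settings used in both listings that are weaker than current practice (MD5 hashing, 3DES, a pre-shared key accepted from any peer address, and an ISAKMP policy that leaves encryption and DH group at the image defaults). The function name, the finding labels and the embedded sample (constructed from the crypto lines of the SITE 1 listing) are assumptions of this example.

```python
# SAMPLE is constructed from the crypto lines of the SITE 1 listing.
SAMPLE = """\
crypto isakmp policy 10
 hash md5
 authentication pre-share
crypto isakmp key $LABB__K$ address 0.0.0.0
!
crypto ipsec transform-set strong esp-3des esp-md5-hmac
 mode tunnel
!
"""

# ESP transforms that are deprecated or provide no confidentiality.
WEAK_TRANSFORMS = {"esp-des", "esp-3des", "esp-md5-hmac", "esp-null"}

def audit(config):
    """Return sorted (line_number, finding) tuples; labels are hypothetical."""
    findings = []
    policy_line, seen = None, set()

    def flush():
        # The ISAKMP policy block ended: report sub-commands never set,
        # because the image's built-in defaults then apply silently.
        if policy_line is not None:
            for kw in ("encryption", "group"):
                if kw not in seen:
                    findings.append((policy_line, f"isakmp-default-{kw}"))

    # A trailing "!" guarantees the last block is flushed.
    for no, raw in enumerate(config.splitlines() + ["!"], 1):
        words = raw.split()
        if policy_line is not None and raw.startswith(" ") and words:
            seen.add(words[0])  # indented line: sub-command of the policy
            if words[:2] == ["hash", "md5"]:
                findings.append((no, "isakmp-hash-md5"))
            continue
        flush()
        policy_line, seen = None, set()
        if words[:3] == ["crypto", "isakmp", "policy"]:
            policy_line = no
        elif words[:3] == ["crypto", "isakmp", "key"]:
            # A wildcard address means the key is accepted from any peer.
            if "address 0.0.0.0" in " ".join(words[3:]):
                findings.append((no, "psk-wildcard-peer"))
        elif words[:3] == ["crypto", "ipsec", "transform-set"]:
            findings += [(no, f"transform-{w}") for w in words[4:]
                         if w in WEAK_TRANSFORMS]
    return sorted(findings)

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Line numbers in the findings are relative to the text passed to `audit`, so running it over a full saved configuration points at the exact lines to revisit.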

 

 

 

Published in VPN Technology