R1
……………………………………………………………………………………………………………………………………………
vrf definition dmvpn
!
address-family ipv4
exit-address-family
!
crypto ikev2
proposal prop-01
encryption aes-cbc-128 aes-cbc-192
integrity sha256 sha512
group 14 15
!
crypto ikev2 policy
pol-01
proposal prop-01
!
crypto ikev2 keyring
dmvpn-key
peer ALL
address 0.0.0.0 0.0.0.0
pre-shared-key cisco123
!
crypto ikev2 profile
prof-01
match identity remote address 0.0.0.0
authentication local pre-share
authentication remote pre-share
keyring local dmvpn-key
!
crypto ipsec
transform-set tset esp-aes 192 esp-sha512-hmac
mode tunnel
!
crypto ipsec profile
dmvpn
set transform-set tset
set ikev2-profile prof-01
!
interface Loopback0
vrf forwarding dmvpn
ip address 10.150.10.1 255.255.255.255
!
interface Tunnel0
vrf forwarding
dmvpn !!! …. This is to define iVRF
ip address 192.168.1.1 255.255.255.0
no ip redirects
no ip split-horizon eigrp 102
ip nhrp map multicast dynamic
ip nhrp network-id 1
ip nhrp redirect
tunnel source GigabitEthernet0/0
tunnel mode gre multipoint
tunnel protection ipsec profile dmvpn
!
interface
GigabitEthernet0/0
ip address 10.150.1.1 255.255.255.0
!
router eigrp 1
!
address-family ipv4 vrf dmvpn
autonomous-system 102
network 10.150.10.1 0.0.0.0
network 192.168.1.1 0.0.0.0
exit-address-family
!
ip route 0.0.0.0
0.0.0.0 10.150.1.2
R1#
sh cry ikev2 sa
IPv4 Crypto IKEv2 SA
Tunnel-id
Local Remote fvrf/ivrf Status
1 10.150.1.1/500 10.150.5.1/500 none/dmvpn READY
Encr: AES-CBC, keysize: 128, PRF: SHA256,
Hash: SHA256, DH Grp:14, Auth sign: PSK, Auth verify: PSK
Life/Active Time: 86400/5847 sec
Tunnel-id
Local Remote fvrf/ivrf Status
2 10.150.1.1/500 10.150.6.1/500 none/dmvpn READY
Encr: AES-CBC, keysize: 128, PRF: SHA256,
Hash: SHA256, DH Grp:14, Auth sign: PSK, Auth verify: PSK
Life/Active Time: 86400/4183 sec
IPv6 Crypto IKEv2 SA
R5
……………………………………………………………………………………………………………………………………………
vrf definition dmvpn
!
address-family ipv4
exit-address-family
!
crypto ikev2
proposal prop-01
encryption aes-cbc-128 aes-cbc-192
integrity sha256 sha512
group 14 15
!
crypto ikev2 policy
pol-01
match fvrf dmvpn !!! ….. Because tunnel is invoked using
VRF, this policy should be assigned to same Front VRF
match address local 10.150.5.1 !!! ….. This source interface should be
defined as its in VRF Routing Table instead of Global Routing Table
proposal prop-01
!
crypto ikev2 keyring
dmvpn-key
peer R1
address 0.0.0.0 0.0.0.0
pre-shared-key cisco123
!
crypto ikev2 profile
prof-01
match fvrf dmvpn !!! ….. Because tunnel is invoked
using VRF, this profile should be assigned to same Front VRF
match identity remote address 0.0.0.0
authentication local pre-share
authentication remote pre-share
keyring local dmvpn-key
!
crypto ipsec
transform-set tset esp-aes 192 esp-sha512-hmac
mode tunnel
!
crypto ipsec profile
dmvpn
set transform-set tset
set ikev2-profile prof-01
!
interface Loopback0
vrf forwarding dmvpn
ip address 10.150.50.1 255.255.255.255
!
interface Tunnel0
vrf forwarding dmvpn !!! …. Assign iVRF same as fVRF
ip address 192.168.1.2 255.255.255.0
no ip redirects
ip nhrp map 192.168.1.1 10.150.1.1
ip nhrp map multicast 10.150.1.1
ip nhrp network-id 1
ip nhrp nhs 192.168.1.1
ip nhrp shortcut
tunnel source GigabitEthernet0/0
tunnel mode gre multipoint
tunnel vrf dmvpn !!! … Invoke the tunnel using Front VRF
used on the source interface
tunnel protection ipsec profile dmvpn
!
interface
GigabitEthernet0/0
vrf forwarding dmvpn
ip address 10.150.5.1 255.255.255.0
!
router eigrp 1
!
address-family ipv4 vrf dmvpn
autonomous-system 102
network 10.150.50.1 0.0.0.0
network 192.168.1.2 0.0.0.0
exit-address-family
!
ip route
vrf dmvpn 0.0.0.0 0.0.0.0 10.150.5.2
R5#sh
cry ikev2 sa
IPv4 Crypto IKEv2 SA
Tunnel-id
Local Remote fvrf/ivrf Status
2 10.150.5.1/500 10.150.6.1/500 dmvpn/dmvpn READY
Encr: AES-CBC, keysize: 128, PRF: SHA256,
Hash: SHA256, DH Grp:14, Auth sign: PSK, Auth verify: PSK
Life/Active Time: 86400/2475 sec
Tunnel-id
Local Remote fvrf/ivrf Status
1 10.150.5.1/500 10.150.1.1/500 dmvpn/dmvpn READY
Encr: AES-CBC, keysize: 128, PRF: SHA256,
Hash: SHA256, DH Grp:14, Auth sign: PSK, Auth verify: PSK
Life/Active Time: 86400/6088 sec
IPv6 Crypto IKEv2 SA
R6 (This is same as
R5 except that F-VRF is different from I-VRF)
……………………………………………………………………………………………………………………………………………
vrf
definition fvrf-dmvpn
!
address-family ipv4
exit-address-family
!
vrf
definition ivrf-dmvpn
!
address-family ipv4
exit-address-family
!
crypto ikev2
proposal prop-01
encryption aes-cbc-128 aes-cbc-192
integrity sha256 sha512
group 14 15
!
crypto ikev2 policy
pol-01
match fvrf fvrf-dmvpn
proposal prop-01
!
crypto ikev2 keyring
dmvpn-key
peer R1
address 0.0.0.0 0.0.0.0
pre-shared-key cisco123
!
crypto ikev2 profile
prof-01
match fvrf fvrf-dmvpn
match identity remote address 0.0.0.0
identity local address 10.150.6.1
authentication local pre-share
authentication remote pre-share
keyring local dmvpn-key
!
crypto ipsec
transform-set tset esp-aes 192 esp-sha512-hmac
mode tunnel
!
crypto ipsec profile
dmvpn
set transform-set tset
set ikev2-profile prof-01
!
interface Loopback0
vrf forwarding ivrf-dmvpn
ip address 10.150.60.1 255.255.255.255
!
interface Tunnel0
vrf forwarding ivrf-dmvpn
ip address 192.168.1.3 255.255.255.0
no ip redirects
ip nhrp map 192.168.1.1 10.150.1.1
ip nhrp map multicast 10.150.1.1
ip nhrp network-id 1
ip nhrp nhs 192.168.1.1
ip nhrp shortcut
tunnel source GigabitEthernet0/0
tunnel mode gre multipoint
tunnel vrf fvrf-dmvpn
tunnel protection ipsec profile dmvpn
!
interface
GigabitEthernet0/0
vrf forwarding fvrf-dmvpn
ip address 10.150.6.1 255.255.255.0
!
router eigrp 1
!
address-family ipv4 vrf ivrf-dmvpn
autonomous-system 102
network 10.150.60.1 0.0.0.0
network 192.168.1.3 0.0.0.0
exit-address-family
!
ip route vrf
fvrf-dmvpn 0.0.0.0 0.0.0.0 10.150.6.2
R6#
sh cry ikev2 sa
IPv4 Crypto IKEv2 SA
Tunnel-id
Local Remote fvrf/ivrf Status
1 10.150.6.1/500 10.150.1.1/500 fvrf-dmvpn/ivrf-dm READY
Encr: AES-CBC, keysize: 128, PRF: SHA256,
Hash: SHA256, DH Grp:14, Auth sign: PSK, Auth verify: PSK
Life/Active Time: 86400/4924 sec
Tunnel-id
Local Remote fvrf/ivrf Status
2 10.150.6.1/500 10.150.5.1/500 fvrf-dmvpn/ivrf-dm READY
Encr: AES-CBC, keysize: 128, PRF: SHA256,
Hash: SHA256, DH Grp:14, Auth sign: PSK, Auth verify: PSK
Life/Active Time: 86400/2973 sec
IPv6 Crypto IKEv2 SA
Casino Games | DrmCMD
ReplyDeleteDr.MCD is your 충청북도 출장안마 premier 김포 출장샵 source of quality gambling data for the industry, including news, reviews and more. 안양 출장마사지 Our mission is to help Nov 고양 출장마사지 25, 2021 · 구미 출장안마 Uploaded by Casino Games