! R2
show ip nhrp : it displays mapping
show dmvpn
show ip route eigrp
ping 10.4.4.4 source 10.2.2.2 repeat 2
! R1
show crypto isakmp policy
conf t
crypto isakmp policy 5 : lower the number better the priority
hash sha
authentication pre-share
group 14
lifetime 86400
encr aes 256
exit
crypto isakmp key cisco123 address 0.0.0.0 : anybody having this key will be able to peer with R1
crypto ipsec transform-set OURSET esp-aes 256 esp-sha-hmac : for ike phase 2
mode transport : default mode is tunnel
exit
crypto ipsec profile OUR_IPSec_PROFILE
set transform-set OURSET
exit
interface tunnel 0
tunnel protection ipsec profile OUR_IPSec_PROFILE
exit
int gig 1/0
shutdown
no shutdown
end
! Repeat above on R2 - R4
! R2
show ip route
show ip route eigrp
show ip nhrp
ping 10.4.4.4 source 10.2.2.2 repeat 1
ping 10.3.3.3 source 10.2.2.2 repeat 1
show dmvpn
ping 10.3.3.3 repeat 1
show dmpvn
show dmvpn detail
show dmvpn peer nbma 45.0.0.4 detail
show crypto isakmp sa
show crypto isakmp sa detail
show crypto ipsec sa peer 15.0.0.1
show crypto ipsec sa peer 45.0.0.4
show dmvpn detail
No comments:
Post a Comment