1. Topology

a. Rack is from IOU v5. This lab will use seven routers to complete whole DMVPN configuration and test.

b. network topology. It is drew from gliffy website mentioned in previous post cool networking website and tools collection.

2. Configuration Before IPSec Enabled

R6:
interface Serial2/2
 ip address 172.17.6.100 255.255.255.0
ip route 0.0.0.0 0.0.0.0 172.17.6.1

R1: HUB
interface Tunnel0
 ip address 10.1.1.1 255.255.255.0
 no ip redirects
 ip mtu 1416
 ip hold-time eigrp 1 35
 no ip next-hop-self eigrp 1
 ip nhrp map multicast dynamic
 ip nhrp network-id 1
 no ip split-horizon eigrp 1
 tunnel source 192.168.1.100
 tunnel mode gre multipoin
!
interface Ethernet0/1
 ip address 192.168.1.100 255.255.255.0
!
interface Serial2/2
 ip address 172.17.6.1 255.255.255.0
!
router eigrp 1
 network 10.0.0.0
 network 172.17.0.0
 network 192.168.0.0
 no auto-summary
!
ip route 192.168.0.0 255.255.0.0 192.168.1.1

R2: Cloud
interface Ethernet0/0
 ip address 192.168.2.1 255.255.255.0
!
interface Ethernet0/1
 ip address 192.168.1.1 255.255.255.0
!
interface Serial2/2
 ip address 192.168.3.1 255.255.255.0

R3: Spoke
interface Tunnel0
 ip address 10.1.1.2 255.255.255.0
 no ip redirects
 ip mtu 1416
 ip hold-time eigrp 1 35
 no ip next-hop-self eigrp 1
 ip nhrp map 10.1.1.1 192.168.1.100
 ip nhrp map multicast 192.168.1.100
 ip nhrp network-id 1
 ip nhrp nhs 10.1.1.1
 no ip split-horizon eigrp 1
 tunnel source 192.168.2.100
 tunnel mode gre multipoint
!
interface Ethernet0/0
 ip address 192.168.2.100 255.255.255.0
!
interface Ethernet0/1
 ip address 172.17.2.1 255.255.255.0
router eigrp 1
 network 10.0.0.0
 network 172.17.0.0
 network 192.168.0.0
 no auto-summary
!
ip route 192.168.1.0 255.255.255.0 192.168.2.1

R4:
interface Ethernet0/1
 ip address 172.17.2.100 255.255.255.0
ip route 0.0.0.0 0.0.0.0 172.17.2.1

R7: Spoke:
interface Tunnel0
 ip address 10.1.1.3 255.255.255.0
 no ip redirects
 ip mtu 1416
 ip hold-time eigrp 1 35
 no ip next-hop-self eigrp 1
 ip nhrp map 10.1.1.1 192.168.1.100
 ip nhrp map multicast 192.168.1.100
 ip nhrp network-id 1
 ip nhrp nhs 10.1.1.1
 no ip split-horizon eigrp 1
 tunnel source 192.168.3.100
 tunnel mode gre multipoint
!
interface Ethernet1/1
 ip address 172.17.3.1 255.255.255.0
interface Serial2/2
 ip address 192.168.3.100 255.255.255.0
!
router eigrp 1
 network 10.0.0.0
 network 172.17.0.0
 network 192.168.0.0
 no auto-summary
!
ip route 192.168.1.0 255.255.255.0 192.168.3.1
!

R10:
interface Ethernet1/1
 ip address 172.17.3.100 255.255.255.0
ip route 0.0.0.0 0.0.0.0 172.17.3.1

3. Configuration to enable IPSec

On R1, R3 and R7, add following IPSec configuration into routes.

crypto isakmp policy 10
authentication pre-share

crypto isakmp key cisco123 address 0.0.0.0 0.0.0.0
crypto ipsec transform MINE esp-3des

crypto ipsec profile DMVPN
set transform-set MINE

interface tunnel0
tunnel protection ipsec profile DMVPN

Reference:

By Jon

2 thoughts on “Cisco VPN LAB 3 : A Simple DMVPN Configuration Example”

Leave a Reply