DMVPN Help
Posted: Fri 30 May 2014 11:14 am
Some help, please: I tried this configuration for a DMVPN, but while the spoke seems to establish the tunnel, the hub doesn't even dream of it.
Where am I going wrong?
What tests can I run?
Keep in mind that everything is simulated through a switch and/or a crossover cable.
I'm at my wits' end.
The configuration is for a single spoke, but when and if I manage to get it working I will have to add another 3 spokes to join 4 sites.
I will also merge it with the routers' current configuration, which provides DHCP to the internal network and a series of NAT rules for some web servers and so on.
The routers I am using are one 2801 and three 1841s; the IOS supports VPNs, and for the three 1841s it is Cisco IOS Software, 1841 Software (C1841-ADVIPSERVICESK9-M), Version 12.4(11)T, RELEASE SOFTWARE (fc2)
for the 2081 Cisco IOS Software, 2801 Software (C2801-ADVENTERPRISEK9_IVS-M), Version 12.4(9)T1, RELEASE SOFTWARE (fc2)
Thanks in advance.
The configs are shown below.
Help!!!!!!!!!!!!!!
Current configuration : 1703 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Gropello
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$hNMo$gMcGQbB1WFoD4AF9F3bH61
enable password MIm80799
!
no aaa new-model
!
resource policy
!
ip cef
!
!
!
!
!
!
!
voice-card 0
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp key mim80799 address 0.0.0.0 0.0.0.0
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
mode transport
!
crypto ipsec profile SDM_Profile1
set transform-set ESP-3DES-SHA
!
!
!
!
!
!
interface Tunnel0
bandwidth 1000
ip address 192.168.100.1 255.255.255.0
no ip redirects
ip mtu 1400
no ip next-hop-self eigrp 90
ip nhrp authentication DMVPN_NW
ip nhrp map multicast dynamic
ip nhrp network-id 100000
ip nhrp holdtime 360
ip tcp adjust-mss 1360
no ip split-horizon eigrp 90
delay 1000
tunnel source FastEthernet0/0
tunnel mode gre multipoint
tunnel key 100000
tunnel protection ipsec profile SDM_Profile1
!
interface FastEthernet0/0
description $ETH-LAN$
ip address 37.159.205.66 255.255.255.252
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 192.168.17.2 255.255.255.0
speed auto
half-duplex
no mop enabled
!
router eigrp 90
network 192.168.17.0
network 192.168.20.0
network 192.168.100.0
no auto-summary
!
ip route 0.0.0.0 0.0.0.0 37.159.205.65
!
!
ip http server
no ip http secure-server
!
snmp-server community public RO
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
gatekeeper
shutdown
!
!
line con 0
line aux 0
line vty 0 4
password mim80799
login
!
scheduler allocate 20000 1000
end
spoke:
Current configuration : 1676 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Echo
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$VCZv$/lKOKw/.gFIYVMOxu31Mc/
enable password MIm80799
!
no aaa new-model
ip cef
!
!
!
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp key mim80799 address 0.0.0.0 0.0.0.0
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
mode transport
!
crypto ipsec profile SDM_Profile1
set transform-set ESP-3DES-SHA
!
!
!
!
!
interface Tunnel0
bandwidth 1000
ip address 192.168.100.2 255.255.255.0
no ip redirects
ip mtu 1400
ip nhrp authentication DMVPN_NW
ip nhrp map multicast 37.159.205.66
ip nhrp map 192.168.100.1 37.159.205.66
ip nhrp network-id 100000
ip nhrp holdtime 360
ip nhrp nhs 192.168.100.1
ip nhrp cache non-authoritative
ip tcp adjust-mss 1360
delay 1000
tunnel source FastEthernet0/1
tunnel mode gre multipoint
tunnel key 100000
tunnel protection ipsec profile SDM_Profile1
!
interface FastEthernet0/0
description $ETH-LAN$
ip address 91.81.10.74 255.255.255.248
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 192.168.20.2 255.255.255.0
speed auto
half-duplex
no mop enabled
!
router eigrp 90
network 192.168.17.0
network 192.168.20.0
network 192.168.100.0
no auto-summary
!
ip route 0.0.0.0 0.0.0.0 37.159.205.66
!
!
ip http server
no ip http secure-server
!
snmp-server community public RO
!
!
!
!
!
!
control-plane
!
!
!
line con 0
line aux 0
line vty 0 4
password mim80799
login
!
scheduler allocate 20000 1000
end
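An added example, not part of the original post: a small Python consistency check run over lines copied from the two configurations above. It verifies that the spoke's NHRP map points at the address of the hub's tunnel source interface, and that some connected subnet on the spoke contains either that address or the default-route next hop; the function names `parse`, `arg`, `addr` and `check` are this example's own.

```python
import ipaddress

# Lines copied from the two configs in the post (only what the checks read).
HUB = """interface Tunnel0
ip address 192.168.100.1 255.255.255.0
tunnel source FastEthernet0/0
!
interface FastEthernet0/0
ip address 37.159.205.66 255.255.255.252"""
SPOKE = """interface Tunnel0
ip nhrp map 192.168.100.1 37.159.205.66
tunnel source FastEthernet0/1
!
interface FastEthernet0/0
ip address 91.81.10.74 255.255.255.248
!
interface FastEthernet0/1
ip address 192.168.20.2 255.255.255.0
!
ip route 0.0.0.0 0.0.0.0 37.159.205.66"""

def parse(cfg):  # {interface: [commands]}; a "!" line closes the interface block
    ifaces, cur = {}, None
    for line in map(str.strip, cfg.splitlines()):
        if line.startswith("interface "):
            cur = ifaces.setdefault(line.split()[1], [])
        elif line == "!":
            cur = None
        elif cur is not None:
            cur.append(line)
    return ifaces

def arg(cmds, prefix):  # remainder of the first command starting with prefix, or None
    return next((c[len(prefix):].strip() for c in cmds if c.startswith(prefix)), None)

def addr(cmds):  # "ip address A M" as an IPv4Interface, or None if unnumbered
    a = arg(cmds, "ip address ")
    return ipaddress.ip_interface("/".join(a.split()[:2])) if a else None

def check(hub_cfg, spoke_cfg):  # list of findings; empty when both checks pass
    hi, si = parse(hub_cfg), parse(spoke_cfg)
    hub_tun, hub_nbma = addr(hi["Tunnel0"]).ip, addr(hi[arg(hi["Tunnel0"], "tunnel source ")]).ip
    nets = [addr(c).network for c in si.values() if addr(c)]
    hop = (arg(spoke_cfg.splitlines(), "ip route 0.0.0.0 0.0.0.0 ") or "").split()[:1]
    out = []
    if f"ip nhrp map {hub_tun} {hub_nbma}" not in si["Tunnel0"]:
        out.append("NHRP map does not point at the hub tunnel source address")
    if not any(ipaddress.ip_address(h) in n for h in [str(hub_nbma), *hop] for n in nets):
        out.append(f"no connected subnet contains hub NBMA {hub_nbma} or the default next hop")
    return out
```

On the posted lines the NHRP map check passes and the reachability check returns one finding.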