Buongiorno...scusate il ritardo...
come promesso ecco la configurazione funzionante di una DMVPN DUAL HUB DUAL CLOUD (quindi ridondante) con EIGRP che mi permette di dare priorità alle ROTTE e di mantenere comunque una ridondanza...
in particolare questa configurazione prevede 2 2811 che fanno da HUB e 2 1801 che fanno DA SPOKE (gli spoke sono in HSRP quindi ridondati sullo stesso sito):
Sono sicuro che può essere migliorata...anche perchè non sono un PRO quindi qualsiasi suggerimento è bene accetto !!!!
HUB A:
Building configuration...
[OK]
TDV2811BT#sh run
Building configuration...
Current configuration : 4987 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname TDV2811BT
!
boot-start-marker
boot-end-marker
!
enable secret 5 ***************
enable password **************
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login sdm_vpn_xauth_ml_1 local
aaa authorization exec default local
aaa authorization network sdm_vpn_group_ml_1 local
!
!
aaa session-id common
dot11 syslog
!
!
ip cef
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
multilink bundle-name authenticated
!
!
crypto pki trustpoint TP-self-signed-3159327183
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3159327183
revocation-check none
rsakeypair TP-self-signed-3159327183
!
!
crypto pki certificate chain TP-self-signed-3159327183
certificate self-signed 01
30820241 308201AA A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 33313539 33323731 3833301E 170D3039 30333137 31333430
30355A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 31353933
32373138 3330819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100BF7F 9D883135 57CAAA9D 76462824 B55A4FED 998B6C4D BEEEF95F DD50F1A5
DF9451AD 5CDCE24D AB30CD75 5FF13250 76708727 F1F06C4A 739ECD51 AFC823DD
91B4125B A1FD28F3 BA3874DA 3FF2E721 D89F1818 BD52D83C 4661A55B 1F15BB0E
1C185198 91498E83 C3624028 ADE82A57 E5855E18 B0E87B24 C6060541 E2A6882B
DE550203 010001A3 69306730 0F060355 1D130101 FF040530 030101FF 30140603
551D1104 0D300B82 09544456 2D323831 3141301F 0603551D 23041830 16801470
6DF65F66 3F846510 BA36AD96 E52C7606 A5E66E30 1D060355 1D0E0416 0414706D
F65F663F 846510BA 36AD96E5 2C7606A5 E66E300D 06092A86 4886F70D 01010405
00038181 00A09C82 7EC51109 2B9E2FB5 78136373 20E54560 9160BBDF A68C10A7
BE99F6F1 C45CF445 BF32EA0D EA7D7261 837461A4 6804D6C6 420B1F00 864396C7
8F992EFE AD73A8F0 BC7FB16F 17A1E1E2 3D0B33BC E658CCB1 48220942 39689371
CF66EA3C A0BF9AD7 CA041FB9 96205399 9D3F32DB F4904823 4E82DBBC 209B3E5C
51A6E956 03
quit
!
!
username AS@dmin privilege 15 password 0 ****************
archive log config
hidekeys
!
!
crypto isakmp policy 1
authentication pre-share
!
crypto isakmp policy 2
authentication pre-share
group 2
crypto isakmp key ************* address 0.0.0.0 0.0.0.0
crypto isakmp keepalive 10
!
crypto isakmp client configuration group Remote@ccess
key ************************
pool SDM_POOL_1
max-users 4
crypto isakmp profile sdm-ike-profile-1
match identity group Remote@ccess
client authentication list sdm_vpn_xauth_ml_1
isakmp authorization list sdm_vpn_group_ml_1
client configuration address respond
virtual-template 1
!
!
crypto ipsec transform-set trans2 esp-des esp-md5-hmac
mode transport
crypto ipsec transform-set DESRemoteAccess esp-des esp-sha-hmac
!
crypto ipsec profile SDM_Profile1
set security-association idle-time 600
set transform-set DESRemoteAccess
set isakmp-profile sdm-ike-profile-1
!
crypto ipsec profile vpnprof
set transform-set trans2
!
!
!
!
!
!
!
!
!
interface Tunnel10
bandwidth 1000
ip address 10.0.0.1 255.255.255.0
no ip redirects
ip mtu 1400
ip nhrp authentication **********
ip nhrp map multicast dynamic
ip nhrp network-id 100000
ip nhrp holdtime 600
delay 1000
tunnel source FastEthernet0/0
tunnel mode gre multipoint
tunnel key 100000
tunnel protection ipsec profile vpnprof
!
interface FastEthernet0/0
ip address 85*********** 255.255.255.248
duplex half
speed auto
!
interface FastEthernet0/1
ip address 192.168.192.101 255.255.255.0
duplex full
speed auto
standby 0 ip 192.168.192.100
standby 0 timers msec 200 msec 750
standby 0 priority 110
standby 0 preempt
standby 0 track FastEthernet0/0
standby 0 track Tunnel10
no mop enabled
!
interface Serial0/0/0
no ip address
shutdown
no fair-queue
clock rate 2000000
!
interface Virtual-Template1 type tunnel
ip unnumbered FastEthernet0/1
tunnel mode ipsec ipv4
tunnel protection ipsec profile SDM_Profile1
!
router eigrp 1
network 10.0.0.0 0.0.0.255
network 192.168.192.0
auto-summary
!
ip local pool SDM_POOL_1 192.168.192.47 192.168.192.50
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 85.20.239.25
ip route 192.168.115.0 255.255.255.0 192.168.192.150
ip route 192.168.170.0 255.255.255.0 192.168.192.150
ip route 192.168.175.0 255.255.255.0 192.168.192.150
ip route 192.168.192.161 255.255.255.255 192.168.192.150
ip route 192.168.192.162 255.255.255.255 192.168.192.150
ip route 192.168.205.0 255.255.255.0 192.168.192.150
!
!
ip http server
ip http secure-server
!
snmp-server community public RO
!
!
!
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
password *************
transport input ssh
!
scheduler allocate 20000 1000
!
end
HUB B:
Building configuration...
Current configuration : 6998 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname TdvRouter1
!
boot-start-marker
boot-end-marker
!
logging buffered 1000000
enable secret 5 ***********************
enable password **********************
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login sdm_vpn_xauth_ml_1 local none
aaa authorization exec default local
aaa authorization network sdm_vpn_group_ml_1 local
!
!
aaa session-id common
dot11 syslog
!
!
ip cef
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
ip name-server 151.99.125.1
ip name-server 151.99.250.2
!
multilink bundle-name authenticated
!
!
crypto pki trustpoint TP-self-signed-3039003828
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3039003828
revocation-check none
rsakeypair TP-self-signed-3039003828
!
!
!
!
username AS@admin privilege 15 password 0 ***********
username Remote privilege 15 view root secret *********************
archive
log config
hidekeys
!
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
!
crypto isakmp policy 2
encr aes
authentication pre-share
group 2
!
crypto isakmp policy 3
authentication pre-share
crypto isakmp key **************** address 84***********
crypto isakmp key ******************* address 0.0.0.0 0.0.0.0
crypto isakmp keepalive 10
!
crypto isakmp client configuration group RemoteAccess
key ****************
pool SDM_POOL_1
crypto isakmp profile sdm-ike-profile-1
match identity group RemoteAccess
client authentication list sdm_vpn_xauth_ml_1
isakmp authorization list sdm_vpn_group_ml_1
client configuration address respond
virtual-template 1
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set tunnelvestasmdf esp-aes esp-md5-hmac
crypto ipsec transform-set trans2 esp-des esp-md5-hmac
mode transport
!
crypto ipsec profile SDM_Profile1
set transform-set ESP-3DES-SHA
set isakmp-profile sdm-ike-profile-1
!
crypto ipsec profile vpnprof
set transform-set trans2
!
!
crypto map SDM_CMAP_1 2 ipsec-isakmp
description Tunnel to Vestas
set peer **************
set security-association lifetime seconds 28800
set transform-set tunnelvestasmdf
match address 103
!
!
!
!
!
!
!
!
interface Loopback0
ip address 10.10.10.1 255.255.255.0
!
interface Tunnel10
bandwidth 1000
ip address 10.0.1.1 255.255.255.0
no ip redirects
ip mtu 1400
ip nhrp authentication ***************
ip nhrp map multicast dynamic
ip nhrp network-id 100001
ip nhrp holdtime 600
delay 1100
tunnel source FastEthernet0/0
tunnel mode gre multipoint
tunnel key 100001
tunnel protection ipsec profile vpnprof
!
interface FastEthernet0/0
description $ETH-WAN$
ip address 87*********** 255.255.255.240
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
crypto map SDM_CMAP_1
!
interface FastEthernet0/1
ip address 192.168.192.102 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex full
speed auto
standby 0 ip 192.168.192.100
standby 0 timers msec 200 msec 750
standby 0 priority 105
standby 0 track FastEthernet0/0
standby 0 track Tunnel10
no mop enabled
!
interface ATM0/0/0
no ip address
shutdown
no atm ilmi-keepalive
dsl operating-mode auto
!
interface Virtual-Template1 type tunnel
ip unnumbered Loopback0
tunnel mode ipsec ipv4
tunnel protection ipsec profile SDM_Profile1
!
router eigrp 1
network 10.0.1.0 0.0.0.255
network 192.168.192.0
no auto-summary
!
ip local pool SDM_POOL_1 192.168.192.47 192.168.192.50
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 87.30.222.14
ip route 192.168.115.0 255.255.255.0 192.168.192.150
ip route 192.168.170.0 255.255.255.0 192.168.192.150
ip route 192.168.175.0 255.255.255.0 192.168.192.150
ip route 192.168.192.161 255.255.255.255 192.168.192.150
ip route 192.168.192.162 255.255.255.255 192.168.192.150
ip route 192.168.205.0 255.255.255.0 192.168.192.150
!
!
ip http server
ip http authentication local
ip http secure-server
ip nat inside source static tcp 192.168.192.162 26862 interface FastEthernet0/0 26862
ip nat inside source route-map SDM_RMAP_3 interface FastEthernet0/0 overload
ip nat inside source route-map SDM_RMAP_4 interface FastEthernet0/0 overload
ip nat inside source route-map SDM_RMAP_5 interface FastEthernet0/0 overload
ip nat inside source static tcp 192.168.192.161 80 87.30.222.10 80 route-map SDM_RMAP_6 extendable
!
logging trap debugging
access-list 1 remark INSIDE_IF=FastEthernet0/1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.192.0 0.0.0.255
access-list 100 remark SDM_ACL Category=2
access-list 100 deny tcp host 192.168.192.161 eq www any
access-list 100 deny ip any host 192.168.192.47
access-list 100 deny ip any host 192.168.192.48
access-list 100 deny ip any host 192.168.192.49
access-list 100 deny ip any host 192.168.192.50
access-list 100 remark IPSec Rule
access-list 100 deny ip 192.168.115.0 0.0.0.255 host 10.96.52.220
access-list 100 permit ip host 192.168.192.161 any
access-list 101 remark SDM_ACL Category=2
access-list 101 deny tcp host 192.168.192.161 eq www any
access-list 101 deny ip any host 192.168.192.47
access-list 101 deny ip any host 192.168.192.48
access-list 101 deny ip any host 192.168.192.49
access-list 101 deny ip any host 192.168.192.50
access-list 101 remark IPSec Rule
access-list 101 deny ip 192.168.115.0 0.0.0.255 host 10.96.52.220
access-list 101 permit ip 192.168.192.0 0.0.0.255 any
access-list 103 remark SDM_ACL Category=4
access-list 103 remark IPSec Rule
access-list 103 permit ip 192.168.115.0 0.0.0.255 host 10.96.52.220
access-list 104 remark SDM_ACL Category=2
access-list 104 deny ip host 192.168.192.161 host 192.168.192.50
access-list 104 deny ip host 192.168.192.161 host 192.168.192.49
access-list 104 deny ip host 192.168.192.161 host 192.168.192.48
access-list 104 deny ip host 192.168.192.161 host 192.168.192.47
access-list 104 permit tcp host 192.168.192.161 eq www any
access-list 105 remark SDM_ACL Category=2
access-list 105 deny tcp host 192.168.192.161 eq www any
access-list 105 deny ip any host 192.168.192.47
access-list 105 deny ip any host 192.168.192.48
access-list 105 deny ip any host 192.168.192.49
access-list 105 deny ip any host 192.168.192.50
access-list 105 remark IPSec Rule
access-list 105 deny ip 192.168.115.0 0.0.0.255 host 10.96.52.220
access-list 105 permit ip host 192.168.192.162 any
snmp-server community public RO
!
!
route-map SDM_RMAP_4 permit 1
match ip address 100
!
route-map SDM_RMAP_5 permit 1
match ip address 105
!
route-map SDM_RMAP_6 permit 1
match ip address 104
!
route-map SDM_RMAP_1 permit 1
match ip address 101
!
route-map SDM_RMAP_2 permit 1
match ip address 101
!
route-map SDM_RMAP_3 permit 1
match ip address 101
!
!
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
privilege level 15
password *********************
transport input telnet ssh
!
scheduler allocate 20000 1000
!
end
SPOKE A:
Building configuration...
Current configuration : 4716 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname MDF1801TIN
!
boot-start-marker
boot-end-marker
!
enable secret 5 **************************
enable password ************************
!
no aaa new-model
!
crypto pki trustpoint TP-self-signed-85045134
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-85045134
revocation-check none
rsakeypair TP-self-signed-85045134
!
!
crypto pki certificate chain TP-self-signed-85045134
certificate self-signed 01
3082023E 308201A7 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
2F312D30 2B060355 04031324 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 38353034 35313334 301E170D 30393033 31383134 34373037
5A170D32 30303130 31303030 3030305A 302F312D 302B0603 55040313 24494F53
2D53656C 662D5369 676E6564 2D436572 74696669 63617465 2D383530 34353133
3430819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281 8100B6A4
4E402234 4DA88393 876E7408 3F1DA333 2E79D4AD AA624FF8 1D78E504 E615DF1C
0EA72564 92974525 340D5DAE A8DC98CA B424E9DC A2ACF04A 6E78290F C985248B
9441E871 714041D9 08690FA7 EC41AFE4 A45EA472 0B5659EF 3CEDDA31 B94B1187
BB83ABE3 3C673D62 80AB1CB9 1C04D7F5 9B78178A EBB91ADE 2FFC8893 E15B0203
010001A3 6A306830 0F060355 1D130101 FF040530 030101FF 30150603 551D1104
0E300C82 0A4D4446 31383031 54494E30 1F060355 1D230418 30168014 BD5F4E8C
EF9D1A51 0BB3B416 65EB5325 8A74299C 301D0603 551D0E04 160414BD 5F4E8CEF
9D1A510B B3B41665 EB53258A 74299C30 0D06092A 864886F7 0D010104 05000381
810025D5 36CF50C9 C61D1CD5 DBE7B9D0 B444444C 5967B6DE D6524291 531BEA2F
AE92414B 34B552A0 793267B7 E70841E7 D8000CFB 3FAA2574 079A75E7 6C39A56C
EF0FE6F8 CBE8CBF5 1F81DD7C 7FDD155B 4A05F2C7 6F6CF84C 536FDDB2 71B639BD
F27D73F6 0B524EF3 BAEF330A 07A52CE2 2653283C 82F94012 BF7D0F38 C284A414 7D3D
quit
dot11 syslog
!
!
ip cef
!
!
!
multilink bundle-name authenticated
!
!
username AS@dmin privilege 15 password 0 ***********************
!
!
crypto isakmp policy 1
authentication pre-share
crypto isakmp key ********************* address 0.0.0.0 0.0.0.0
crypto isakmp keepalive 10
!
!
crypto ipsec transform-set trans2 esp-des esp-md5-hmac
mode transport
!
crypto ipsec profile vpnprof
set transform-set trans2
!
!
archive
log config
hidekeys
!
!
!
!
!
!
!
!
interface Tunnel10
bandwidth 1000
ip address 10.0.0.11 255.255.255.0
ip mtu 1400
ip nhrp authentication **************
ip nhrp map 10.0.0.1 *************
ip nhrp network-id 100000
ip nhrp holdtime 300
ip nhrp nhs 10.0.0.1
delay 1000
tunnel source ATM0.1
tunnel destination **************
tunnel key 100000
tunnel protection ipsec profile vpnprof
!
interface Tunnel11
bandwidth 1000
ip address 10.0.1.11 255.255.255.0
no ip redirects
ip mtu 1400
ip nhrp authentication ************
ip nhrp map 10.0.1.1 ************
ip nhrp network-id 100001
ip nhrp holdtime 300
ip nhrp nhs 10.0.1.1
delay 1500
tunnel source ATM0.1
tunnel destination *************
tunnel key 100001
tunnel protection ipsec profile vpnprof
!
interface FastEthernet0
ip address 192.168.110.150 255.255.255.0
duplex auto
speed auto
standby 0 ip 192.168.110.151
standby 0 timers msec 200 msec 750
standby 0 priority 110
standby 0 preempt delay minimum 120
standby 0 track Tunnel10
standby 0 track Tunnel11
standby 0 track ATM0.1
!
interface BRI0
no ip address
encapsulation hdlc
shutdown
!
interface FastEthernet1
shutdown
!
interface FastEthernet2
shutdown
!
interface FastEthernet3
shutdown
!
interface FastEthernet4
shutdown
!
interface FastEthernet5
shutdown
!
interface FastEthernet6
shutdown
!
interface FastEthernet7
shutdown
!
interface FastEthernet8
shutdown
!
interface ATM0
no ip address
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.1 point-to-point
ip address 82*********** 255.255.255.252
ip nat outside
ip virtual-reassembly
pvc 8/35
oam-pvc manage
oam retry 5 5 1
encapsulation aal5snap
!
!
router eigrp 1
offset-list 1 out 12800 Tunnel10
offset-list 1 out 12800 Tunnel11
network 10.0.0.0 0.0.0.255
network 10.0.1.0 0.0.0.255
network 192.168.110.0
distribute-list 1 out
no auto-summary
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 ATM0.1
ip route 192.168.170.0 255.255.255.0 192.168.192.100
ip route 192.168.175.0 255.255.255.0 192.168.192.100
ip route 192.168.205.0 255.255.255.0 192.168.192.100
!
!
ip http server
ip http authentication local
ip http secure-server
!
access-list 1 permit 192.168.110.0
snmp-server community public RO
!
!
!
!
!
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
password ***************
login local
transport input ssh
!
end
SPOKE B:
Building configuration...
Current configuration : 4632 bytes
!
version 12.4
service config
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname MDF1812SAT
!
boot-start-marker
boot-end-marker
!
enable secret 5 ****************
enable password **********************
!
no aaa new-model
!
crypto pki trustpoint TP-self-signed-4205262180
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-4205262180
revocation-check none
rsakeypair TP-self-signed-4205262180
!
!
crypto pki certificate chain TP-self-signed-4205262180
certificate self-signed 01
30820242 308201AB A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 34323035 32363231 3830301E 170D3039 30333138 30383236
32375A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D34 32303532
36323138 3030819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100D7C4 379ADEDE F85B045C BF946405 6D58EDE8 1319E526 B6EB0A81 C18B964B
086D869C 2812CE75 B7F461C9 B032F7E6 DD1BDA61 84AB9B31 D2D8B3EB 800519EB
E7523442 7743544B 36A25762 A797DF8C D30A81A8 078FEE3F 284E6F69 5B8F1F3E
26CF946F F23AB1D2 EC3637A6 3A4F94EE 0A0AE805 9391F3E5 319B50A3 4C7AD2DC
DB290203 010001A3 6A306830 0F060355 1D130101 FF040530 030101FF 30150603
551D1104 0E300C82 0A4D4446 31383132 53415430 1F060355 1D230418 30168014
12B2D63E 13E24853 E563CB9A 104A06B6 17064CC5 301D0603 551D0E04 16041412
B2D63E13 E24853E5 63CB9A10 4A06B617 064CC530 0D06092A 864886F7 0D010104
05000381 810024F0 2967A7B6 AA0D77E1 05ABFC1C 5B40012B 6830E575 90AE179E
8EDBD50E 38E6ABE7 4231C3CF 4ED0FFDF 2F08CEAC E69C11E2 675D43B0 03960E36
B40D90DC 20A616E7 22AD86F3 B80F72F1 23543BE2 A8D8C0BD C7AC6583 B07251F2
572F3DF3 0E30B51A 59C36F89 03FF4A20 21871CC7 43A73004 302F38EC CB81E0BC
EBA04E3A 8DCB
quit
dot11 syslog
!
!
ip cef
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
multilink bundle-name authenticated
!
!
username AS@dmin privilege 15 password 0 *****************
!
!
crypto isakmp policy 1
authentication pre-share
crypto isakmp key ***************** address 0.0.0.0 0.0.0.0
crypto isakmp keepalive 10
!
!
crypto ipsec transform-set trans2 esp-des esp-md5-hmac
mode transport
!
crypto ipsec profile vpnprof
set transform-set trans2
!
!
archive
log config
hidekeys
!
!
!
!
!
!
!
!
interface Tunnel10
bandwidth 1000
ip address 10.0.0.12 255.255.255.0
no ip redirects
ip mtu 1400
ip nhrp authentication ************
ip nhrp map 10.0.0.1 ***********
ip nhrp network-id 100000
ip nhrp holdtime 300
ip nhrp nhs 10.0.0.1
delay 1050
tunnel source FastEthernet0
tunnel destination **************
tunnel key 100000
tunnel protection ipsec profile vpnprof
!
interface Tunnel11
bandwidth 1000
ip address 10.0.1.12 255.255.255.0
no ip redirects
ip mtu 1400
ip nhrp authentication ***********
ip nhrp map 10.0.1.1 ****************
ip nhrp network-id 100001
ip nhrp holdtime 300
ip nhrp nhs 10.0.1.1
delay 1550
tunnel source FastEthernet0
tunnel destination ***********
tunnel key 100001
tunnel protection ipsec profile vpnprof
!
interface FastEthernet0
ip address *********** 255.255.255.248
duplex auto
speed auto
!
interface FastEthernet1
no ip address
shutdown
duplex auto
speed auto
!
interface BRI0
no ip address
encapsulation hdlc
shutdown
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
!
interface FastEthernet5
!
interface FastEthernet6
shutdown
!
interface FastEthernet7
shutdown
!
interface FastEthernet8
shutdown
!
interface FastEthernet9
shutdown
!
interface Vlan1
ip address 192.168.110.152 255.255.255.0
standby 0 ip 192.168.110.151
standby 0 priority 105
standby 0 preempt
standby 0 track FastEthernet0
standby 0 track Tunnel10
standby 0 track Tunnel11
!
router eigrp 1
offset-list 1 out 19200 Tunnel10
offset-list 1 out 19200 Tunnel11
network 10.0.0.0 0.0.0.255
network 10.0.1.0 0.0.0.255
network 192.168.110.0
distribute-list 1 out
auto-summary
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 ****************
ip route 192.168.170.0 255.255.255.0 192.168.192.100
ip route 192.168.175.0 255.255.255.0 192.168.192.100
ip route 192.168.205.0 255.255.255.0 192.168.192.100
!
!
ip http server
ip http authentication local
ip http secure-server
!
access-list 1 permit 192.168.110.0
snmp-server community public RO
!
!
!
!
!
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
password ****************
login local
transport input ssh
!
end
