While studying for the ISCW and learning about GRE and IPSEC tunnels, I started to look into DMVPNs. Wow, are they cool, so I tried to configure them using the 2 internet connections I have at home. After about 2 hours of banging my head against the wall trying to get IPSEC to come up, I finally realized that I had done a previous NAT for UDP 500 to the ASA behind the router I was configuring!!! Once I removed that line, it came up straight away.
I used the following links to configure it:
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_white_paper09186a008018983e.shtml#dynmulti
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a008019d6f7.shtml
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a008014bcd7.shtml#isa
On the HUB router I used the following:
crypto isakmp policy 5
 authentication pre-share
 group 2
crypto isakmp key dmvpnkey address 0.0.0.0 0.0.0.0
crypto isakmp nat keepalive 20
!
!
crypto ipsec transform-set dmvpnset esp-3des esp-sha-hmac
!
crypto ipsec profile dmvpnprof
 set transform-set dmvpnset
!
interface Tunnel1
 description MULTI-POINT GRE TUNNEL
 bandwidth 1000
 ip address 10.254.0.1 255.255.255.0
 no ip redirects
 ip mtu 1416
 ip nhrp authentication dmvpn
 ip nhrp map multicast dynamic
 ip nhrp network-id 99
 ip nhrp holdtime 300
 ip nhrp cache non-authoritative
 no ip route-cache cef
 no ip route-cache
 no ip mroute-cache
 delay 1000
 tunnel source FastEthernet0
 tunnel mode gre multipoint
 tunnel key 100000
 tunnel protection ipsec profile dmvpnprof
SPOKE Router
crypto isakmp policy 5
 authentication pre-share
 group 2
crypto isakmp key dmvpnkey address "ip address of hub router"
!
!
crypto ipsec transform-set dmvpnset esp-3des esp-sha-hmac
!
crypto ipsec profile dmvpnprof
 set transform-set dmvpnset
!
! The interface line is missing from the original listing; Tunnel1 is assumed here.
interface Tunnel1
 description HOST DYNAMIC TUNNEL
 bandwidth 1000
 ip address 10.254.0.2 255.255.255.0
 no ip redirects
 ip mtu 1416
 ip nhrp authentication dmvpn
 ip nhrp map multicast dynamic
 ip nhrp map multicast "ip address of hub router"
 ip nhrp map 10.254.0.1 "ip address of hub router"
 ip nhrp network-id 99
 ip nhrp holdtime 300
 ip nhrp nhs 10.254.0.1
 no ip route-cache cef
 no ip route-cache
 no ip mroute-cache
 ip ospf network broadcast
 delay 1000
 tunnel source Dialer1
 tunnel mode gre multipoint
 tunnel key 100000
 tunnel protection ipsec profile dmvpnprof
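
The failure described at the top of this post (a static NAT for UDP 500 diverting ISAKMP to a device behind the router) can be checked for before the tunnel is configured. The script below is an added example, not part of the original post: it scans an IOS running-config, indented as IOS prints it, for static UDP port forwards on the IKE ports that sit on the source interface of an IPsec-protected tunnel. The sample config, including the inside address 192.168.1.10, is constructed.

```python
import re

# ip nat inside source static udp <inside-ip> <port> {interface <if> | <ip>} <port>
NAT_RE = re.compile(r"^ip nat inside source static udp (\S+) (\d+) "
                    r"(?:interface (\S+)|(\S+)) (\d+)")
IKE_PORTS = {500: "ISAKMP", 4500: "IPsec NAT-T"}

def protected_tunnel_sources(config):
    """Map tunnel name -> source interface for tunnels with IPsec protection."""
    found, name, src, protected = {}, None, None, False
    for line in config.splitlines() + ["!"]:   # sentinel flushes the last block
        if not line.startswith(" "):           # a top-level line ends a block
            if name and protected and src:
                found[name] = src
            m = re.match(r"interface (Tunnel\d+)", line)
            name, src, protected = (m.group(1) if m else None), None, False
        elif name:
            words = line.split()
            if words[:2] == ["tunnel", "source"] and len(words) == 3:
                src = words[2]
            elif words[:3] == ["tunnel", "protection", "ipsec"]:
                protected = True
    return found

def ike_nat_conflicts(config):
    """Static NATs that divert IKE ports away from a router terminating IPsec."""
    sources = set(protected_tunnel_sources(config).values())
    hits = []
    for line in config.splitlines():
        m = NAT_RE.match(line.strip())
        if not m or not sources:
            continue
        inside, _, out_if, out_ip, gport = m.groups()
        # A global given as an address cannot be tied to an interface from
        # the config text alone, so it is reported as well.
        if int(gport) in IKE_PORTS and (out_ip or out_if in sources):
            hits.append((int(gport), IKE_PORTS[int(gport)], inside, out_if or out_ip))
    return hits

# Constructed sample: the hub's tunnel lines plus a leftover port forward.
SAMPLE = """\
interface Tunnel1
 tunnel source FastEthernet0
 tunnel protection ipsec profile dmvpnprof
!
ip nat inside source static udp 192.168.1.10 500 interface FastEthernet0 500
ip nat inside source static tcp 192.168.1.10 443 interface FastEthernet0 443
"""

if __name__ == "__main__":
    print(ike_nat_conflicts(SAMPLE))
```

Each result is a tuple of the forwarded port, the service name, the inside host receiving the traffic, and the outside interface or address.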