router ospf 1
router-id 192.0.2.1
area 0.0.0.1
enable
exit
enable
exit
interface gigabitethernet 1/0/1
ip firewall disable
ip address 203.0.113.1/30
exit
tunnel gre 1
description "DMVPN HUB"
ttl 255
mtu 1416
multipoint
ip firewall disable
local address 203.0.113.1
ip address 192.0.2.1/24
ip ospf instance 1
ip ospf area 0.0.0.1
ip ospf priority 150
ip ospf
ip tcp adjust-mss 1360
ip nhrp redirect - (механизм позволяет NHRP-серверу отслеживать не оптимальность прохождения трафика
между NHRP-соседями)
ip nhrp ipsec IPSECVPN_HUB dynamic
ip nhrp multicast dynamic
ip nhrp enable
enable
exit
security ike proposal IKEPROP_HUB
authentication algorithm sha2-512
encryption algorithm aes256
dh-group 16
exit
security ike policy IKEPOLICY_HUB
pre-shared-key ascii-text encrypted 8CB5107EA7005AFF
proposal IKEPROP_HUB
exit
security ike gateway IKEGW_HUB
version v2-only
ike-policy IKEPOLICY_HUB
local address 203.0.113.1
local network 203.0.113.1/32 protocol gre
remote address any
remote network any protocol gre
mode policy-based
exit
security ipsec proposal IPSECPROP_HUB
authentication algorithm sha2-512
encryption algorithm aes256ctr
pfs dh-group 16
exit
security ipsec policy IPSECPOLICY_HUB
proposal IPSECPROP_HUB
exit
security ipsec vpn IPSECVPN_HUB
type transport
ike establish-tunnel route
ike gateway IKEGW_HUB
ike ipsec-policy IPSECPOLICY_HUB
enable
exit
ip route 0.0.0.0/0 203.0.113.2 | 