...
```
router ospf 1
  router-id 192.0.2.1
  area 0.0.0.1
    enable
  exit
  enable
exit

interface gigabitethernet 1/0/1
  ip firewall disable
  ip address 203.0.113.1/30
exit

tunnel gre 1
  description "DMVPN HUB"
  ttl 255
  mtu 1416
  multipoint
  ip firewall disable
  local address 203.0.113.1
  ip address 192.0.2.1/24
  ip ospf instance 1
  ip ospf area 0.0.0.1
  ip ospf priority 150
  ip ospf
  ip tcp adjust-mss 1360
  ip nhrp redirect - (this mechanism lets the NHRP server detect suboptimal traffic paths between NHRP neighbors)
  ip nhrp ipsec IPSECVPN_HUB dynamic
  ip nhrp multicast dynamic
  ip nhrp enable
  enable
exit

security ike proposal IKEPROP_HUB
  authentication algorithm sha2-512
  encryption algorithm aes256
  dh-group 16
exit

security ike policy IKEPOLICY_HUB
  pre-shared-key ascii-text encrypted 8CB5107EA7005AFF
  proposal IKEPROP_HUB
exit

security ike gateway IKEGW_HUB
  version v2-only
  ike-policy IKEPOLICY_HUB
  local address 203.0.113.1
  local network 203.0.113.1/32 protocol gre
  remote address any
  remote network any protocol gre
  mode policy-based
exit

security ipsec proposal IPSECPROP_HUB
  authentication algorithm sha2-512
  encryption algorithm aes256ctr
  pfs dh-group 16
exit

security ipsec policy IPSECPOLICY_HUB
  proposal IPSECPROP_HUB
exit

security ipsec vpn IPSECVPN_HUB
  type transport
  ike establish-tunnel route
  ike gateway IKEGW_HUB
  ike ipsec-policy IPSECPOLICY_HUB
  enable
exit

ip route 0.0.0.0/0 203.0.113.2
```
...
Diagnostic output from HUB-1:
```
HUB# show ip nhrp peers
Tunnel address         NBMA address       Tunnel      Expire      Created          Type              Flags
                                                      (h:m:s)     (d,h:m:s)
--------------------   ----------------   ---------   ---------   --------------   ---------------   ----------
192.0.2.2              203.0.113.10       gre 1       00:04:07    00,19:57:48      dynamic           ULCP
192.0.2.3              203.0.113.14       gre 1       00:04:05    00,19:52:47      dynamic           ULCP

HUB# show security ipsec vpn status
Name                              Local host        Remote host       Initiator spi        Responder spi        State
-------------------------------   ---------------   ---------------   ------------------   ------------------   -----------
IPSECVPN_HUB                      203.0.113.1       203.0.113.10      0xfb181a79b0d5fdf6   0x4b87cf2053d2a393   Established
IPSECVPN_HUB                      203.0.113.1       203.0.113.14      0xc7ca4f600d6cbc3b   0x144607b8843f35a1   Established

HUB# show ip ospf neighbors
Router ID   Pri   State        DTime   Interface           Router IP
---------   ---   -----        -----   -----------------   ---------
192.0.2.3   128   Full/BDR     00:34   gre 1               192.0.2.3
192.0.2.2   128   Full/Other   00:30   gre 1               192.0.2.2

HUB# show ip route ospf
O E2  * 198.51.100.2/32 [150/1000/10000] via 192.0.2.3 on gre 1 [ospf1 08:38:10] (192.0.2.3)
O       192.0.2.0/24 [150/1000] dev gre 1 [ospf1 08:37:25 from 192.0.2.1] (192.0.2.1)
O E2  * 198.51.100.1/32 [150/1000/10000] via 192.0.2.2 on gre 1 [ospf1 08:37:25] (192.0.2.2)
```
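A way to cross-check the two hub outputs above, as an added example that is not part of the original page or of the vendor's tooling: it lists NHRP peers whose NBMA address has no IPsec SA in state Established. The function names are hypothetical; the rows for 192.0.2.2 and 192.0.2.3 are the page's own output, and the 192.0.2.4 peer is constructed.

```python
import re

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
# Row of `show ip nhrp peers`: tunnel addr, NBMA addr, tunnel, expire, created, type
NHRP_ROW = re.compile(
    rf"^\s*({IPV4})\s+({IPV4})\s+\w+ \d+\s+\S+\s+\S+\s+(?:static|dynamic)\b")
# Row of `show security ipsec vpn status`: name, local, remote, two SPIs, state
SA_ROW = re.compile(
    rf"^\s*\S+\s+{IPV4}\s+({IPV4})\s+0x[0-9a-f]+\s+0x[0-9a-f]+\s+(\S+)")

def nhrp_peers(text):
    """Return {NBMA address: tunnel address} for each NHRP peer row."""
    rows = (NHRP_ROW.match(line) for line in text.splitlines())
    return {m.group(2): m.group(1) for m in rows if m}

def established_remotes(text):
    """Return the remote hosts that have an SA in state Established."""
    rows = (SA_ROW.match(line) for line in text.splitlines())
    return {m.group(1) for m in rows if m and m.group(2) == "Established"}

def unprotected_peers(nhrp_text, ipsec_text):
    """NHRP peers (NBMA, tunnel) with no Established SA to their NBMA address."""
    protected = established_remotes(ipsec_text)
    peers = nhrp_peers(nhrp_text).items()
    return sorted(p for p in peers if p[0] not in protected)

# Hub output as shown on this page, plus one CONSTRUCTED peer (192.0.2.4 /
# 203.0.113.18) that has registered over NHRP but has no IPsec SA.
NHRP_OUT = """\
HUB# show ip nhrp peers
192.0.2.2   203.0.113.10   gre 1   00:04:07   00,19:57:48   dynamic   ULCP
192.0.2.3   203.0.113.14   gre 1   00:04:05   00,19:52:47   dynamic   ULCP
192.0.2.4   203.0.113.18   gre 1   00:03:59   00,00:02:11   dynamic   ULCP
"""
IPSEC_OUT = """\
HUB# show security ipsec vpn status
IPSECVPN_HUB   203.0.113.1   203.0.113.10   0xfb181a79b0d5fdf6   0x4b87cf2053d2a393   Established
IPSECVPN_HUB   203.0.113.1   203.0.113.14   0xc7ca4f600d6cbc3b   0x144607b8843f35a1   Established
"""

if __name__ == "__main__":
    for nbma, tunnel in unprotected_peers(NHRP_OUT, IPSEC_OUT):
        print(f"NHRP peer {tunnel} (NBMA {nbma}) has no Established IPsec SA")
```

Header, separator and prompt lines are skipped because they do not match either row pattern, so the full command output can be passed in unchanged.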
...
Output from SPOKE-12:
```
Spoke2# show ip nhrp peers
Tunnel address         NBMA address       Tunnel      Expire      Created          Type              Flags
                                                      (h:m:s)     (d,h:m:s)
--------------------   ----------------   ---------   ---------   --------------   ---------------   ----------
192.0.2.1              203.0.113.1        gre 1       --          00,00:01:14      static            RLCP

Spoke2# show security ipsec vpn status
Name                              Local host        Remote host       Initiator spi        Responder spi        State
-------------------------------   ---------------   ---------------   ------------------   ------------------   -----------
IPSECVPN_FOR_HUB                  203.0.113.14      203.0.113.1       0xc7ca4f600d6cbc3b   0x144607b8843f35a1   Established
IPSECVPN_FOR_SPOKE                203.0.113.14      203.0.113.10      0xc3af94b444b03799   0x4127791794136e78   Established

Spoke2# show ip ospf neighbors
Router ID   Pri   State        DTime   Interface           Router IP
---------   ---   -----        -----   -----------------   ---------
192.0.2.1   150   Full/DR      00:32   gre 1               192.0.2.1

Spoke2# show ip route ospf
O       192.0.2.0/24 [150/1000] dev gre 1 [ospf1 08:38:10 from 192.0.2.1] (192.0.2.1)
O E2  * 198.51.100.1/32 [150/1000/10000] via 192.0.2.2 on gre 1 [ospf1 08:38:10] (192.0.2.2)
```
...