История страницы

HUB-1# show running-config 
hostname HUB-1

router ospf log-adjacency-changes
router ospf 1
  router-id 192.0.2.1
  area 0.0.0.1
    enable
  exit
  enable
exit

interface gigabitethernet 1/0/1
  ip firewall disable
  ip address 203.0.113.2/30
exit
tunnel gre 1
  ttl 255
  mtu 1400
  multipoint
  ip firewall disable
  local address 203.0.113.2
  ip address 192.0.2.1/24
  ip ospf instance 1
  ip ospf area 0.0.0.1
  ip ospf priority 255
  ip ospf
  ip tcp adjust-mss 1340
  ip nhrp ipsec ipsec_dynamic dynamic
  ip nhrp multicast dynamic
  ip nhrp enable
  enable
exit

security ike proposal ike_prop
  authentication algorithm md5
  encryption algorithm aes128
  dh-group 2
exit

security ike policy ike_pol
  pre-shared-key ascii-text encrypted 8CB5107EA7005AFF
  proposal ike_prop
exit

security ike gateway ike_dynamic
  ike-policy ike_pol
  local address 203.0.113.2
  local network 203.0.113.2/32 protocol gre 
  remote address any
  remote network any protocol gre 
  mode policy-based
exit

security ipsec proposal ipsec_prop
  authentication algorithm md5
  encryption algorithm aes128
exit

security ipsec policy ipsec_pol
  proposal ipsec_prop
exit

security ipsec vpn ipsec_dynamic
  mode ike
  type transport
  ike establish-tunnel route
  ike gateway ike_dynamic
  ike ipsec-policy ipsec_pol
  enable
exit

ip route 203.0.113.12/30 203.0.113.1
ip route 203.0.113.4/30 203.0.113.1
ip route 203.0.113.8/30 203.0.113.1

HUB-2# show running-config 
hostname HUB-2

router ospf log-adjacency-changes
router ospf 1
  router-id 192.0.2.101
  area 0.0.0.1
    enable
  exit
  enable
exit

interface gigabitethernet 1/0/1
  ip firewall disable
  ip address 203.0.113.6/30
exit
tunnel gre 1
  ttl 255
  mtu 1400
  multipoint
  ip firewall disable
  local address 203.0.113.6
  ip address 192.0.2.101/24
  ip ospf instance 1
  ip ospf area 0.0.0.1
  ip ospf priority 254
  ip ospf
  ip tcp adjust-mss 1340
  ip nhrp map 192.0.2.1 203.0.113.2
  ip nhrp nhs 192.0.2.1/24
  ip nhrp multicast 192.0.2.1
  ip nhrp ipsec ipsec_dynamic dynamic
  ip nhrp ipsec ipsec_hub1 static
  ip nhrp multicast dynamic
  ip nhrp enable
  enable
exit

security ike proposal ike_prop
  authentication algorithm md5
  encryption algorithm aes128
  dh-group 2
exit

security ike policy ike_pol
  pre-shared-key ascii-text encrypted 8CB5107EA7005AFF
  proposal ike_prop
exit

security ike gateway ike_dynamic
  ike-policy ike_pol
  local address 203.0.113.6
  local network 203.0.113.6/32 protocol gre 
  remote address any
  remote network any protocol gre 
  mode policy-based
exit

security ike gateway ike_hub1
  ike-policy ike_pol
  local address 203.0.113.6
  local network 203.0.113.6/32 protocol gre 
  remote address 203.0.113.2
  remote network 203.0.113.2/32 protocol gre 
  mode policy-based
exit

security ipsec proposal ipsec_prop
  authentication algorithm md5
  encryption algorithm aes128
exit

security ipsec policy ipsec_pol
  proposal ipsec_prop
exit

security ipsec vpn ipsec_dynamic
  mode ike
  type transport
  ike establish-tunnel route
  ike gateway ike_dynamic
  ike ipsec-policy ipsec_pol
  enable
exit

security ipsec vpn ipsec_hub1
  mode ike
  type transport
  ike establish-tunnel route
  ike gateway ike_hub1
  ike ipsec-policy ipsec_pol
  enable
exit

ip route 203.0.113.0/30 203.0.113.5
ip route 203.0.113.12/30 203.0.113.5
ip route 203.0.113.8/30 203.0.113.5

SPOKE-1# show running-config 
hostname SPOKE-1

router ospf log-adjacency-changes
router ospf 1
  router-id 192.0.2.2
  area 0.0.0.1
    network 198.51.100.1/32
    enable
  exit
  enable
exit

interface gigabitethernet 1/0/1
  ip firewall disable
  ip address 203.0.113.10/30
exit
interface loopback 1
  ip address 198.51.100.1/32
exit
tunnel gre 1
  ttl 255
  mtu 1400
  multipoint
  ip firewall disable
  local address 203.0.113.10
  ip address 192.0.2.2/24
  ip ospf instance 1
  ip ospf area 0.0.0.1
  ip ospf priority 0
  ip ospf
  ip tcp adjust-mss 1340
  ip nhrp map 192.0.2.1 203.0.113.2
  ip nhrp map 192.0.2.101 203.0.113.6
  ip nhrp nhs 192.0.2.1/24
  ip nhrp nhs 192.0.2.101/24
  ip nhrp multicast 192.0.2.1
  ip nhrp multicast 192.0.2.101
  ip nhrp ipsec ipsec_hub1 static
  ip nhrp ipsec ipsec_hub2 static
  ip nhrp ipsec ipsec_dynamic dynamic
  ip nhrp enable
  enable
exit

security ike proposal ike_prop
  authentication algorithm md5
  encryption algorithm aes128
  dh-group 2
exit

security ike policy ike_pol
  pre-shared-key ascii-text encrypted 8CB5107EA7005AFF
  proposal ike_prop
exit

security ike gateway ike_dynamic
  ike-policy ike_pol
  local address 203.0.113.10
  local network 203.0.113.10/32 protocol gre 
  remote address any
  remote network any protocol gre 
  mode policy-based
exit

security ike gateway ike_hub1
  ike-policy ike_pol
  local address 203.0.113.10
  local network 203.0.113.10/32 protocol gre 
  remote address 203.0.113.2
  remote network 203.0.113.2/32 protocol gre 
  mode policy-based
exit

security ike gateway ike_hub2
  ike-policy ike_pol
  local address 203.0.113.10
  local network 203.0.113.10/32 protocol gre 
  remote address 203.0.113.6
  remote network 203.0.113.6/32 protocol gre 
  mode policy-based
exit

security ipsec proposal ipsec_prop
  authentication algorithm md5
  encryption algorithm aes128
exit

security ipsec policy ipsec_pol
  proposal ipsec_prop
exit

security ipsec vpn ipsec_dynamic
  mode ike
  type transport
  ike establish-tunnel route
  ike gateway ike_dynamic
  ike ipsec-policy ipsec_pol
  enable
exit

security ipsec vpn ipsec_hub1
  mode ike
  type transport
  ike establish-tunnel route
  ike gateway ike_hub1
  ike ipsec-policy ipsec_pol
  enable
exit

security ipsec vpn ipsec_hub2
  mode ike
  type transport
  ike establish-tunnel route
  ike gateway ike_hub2
  ike ipsec-policy ipsec_pol
  enable
exit

ip route 203.0.113.0/30 203.0.113.9
ip route 203.0.113.12/30 203.0.113.9
ip route 203.0.113.4/30 203.0.113.9

SPOKE-2# show running-config 
hostname SPOKE-2

router ospf log-adjacency-changes
router ospf 1
  router-id 192.0.2.3
  area 0.0.0.1
    network 198.51.100.2/32
    enable
  exit
  enable
exit

interface gigabitethernet 1/0/1
  ip firewall disable
  ip address 203.0.113.14/30
exit
interface loopback 1
  ip address 198.51.100.2/32
exit
tunnel gre 1
  ttl 255
  mtu 1400
  multipoint
  ip firewall disable
  local address 203.0.113.14
  ip address 192.0.2.3/24
  ip ospf instance 1
  ip ospf area 0.0.0.1
  ip ospf priority 0
  ip ospf
  ip tcp adjust-mss 1340
  ip nhrp map 192.0.2.1 203.0.113.2
  ip nhrp map 192.0.2.101 203.0.113.6
  ip nhrp nhs 192.0.2.1/24
  ip nhrp nhs 192.0.2.101/24
  ip nhrp multicast 192.0.2.1
  ip nhrp multicast 192.0.2.101
  ip nhrp ipsec ipsec_hub1 static
  ip nhrp ipsec ipsec_hub2 static
  ip nhrp ipsec ipsec_dynamic dynamic
  ip nhrp enable
  enable
exit

security ike proposal ike_prop
  authentication algorithm md5
  encryption algorithm aes128
  dh-group 2
exit

security ike policy ike_pol
  pre-shared-key ascii-text encrypted 8CB5107EA7005AFF
  proposal ike_prop
exit

security ike gateway ike_dynamic
  ike-policy ike_pol
  local address 203.0.113.14
  local network 203.0.113.14/32 protocol gre 
  remote address any
  remote network any protocol gre 
  mode policy-based
exit

security ike gateway ike_hub1
  ike-policy ike_pol
  local address 203.0.113.14
  local network 203.0.113.14/32 protocol gre 
  remote address 203.0.113.2
  remote network 203.0.113.2/32 protocol gre 
  mode policy-based
exit

security ike gateway ike_hub2
  ike-policy ike_pol
  local address 203.0.113.14
  local network 203.0.113.14/32 protocol gre 
  remote address 203.0.113.6
  remote network 203.0.113.6/32 protocol gre 
  mode policy-based
exit

security ipsec proposal ipsec_prop
  authentication algorithm md5
  encryption algorithm aes128
exit

security ipsec policy ipsec_pol
  proposal ipsec_prop
exit

security ipsec vpn ipsec_dynamic
  mode ike
  type transport
  ike establish-tunnel route
  ike gateway ike_dynamic
  ike ipsec-policy ipsec_pol
  enable
exit

security ipsec vpn ipsec_hub1
  mode ike
  type transport
  ike establish-tunnel route
  ike gateway ike_hub1
  ike ipsec-policy ipsec_pol
  enable
exit

security ipsec vpn ipsec_hub2
  mode ike
  type transport
  ike establish-tunnel route
  ike gateway ike_hub2
  ike ipsec-policy ipsec_pol
  enable
exit

ip route 203.0.113.0/30 203.0.113.13
ip route 203.0.113.4/30 203.0.113.13
ip route 203.0.113.8/30 203.0.113.13