收藏 分销(赏)

dmvpn实例-dhcp-rtr-route-map实用配置.docx

上传人:仙人****88 文档编号:11959021 上传时间:2025-08-22 格式:DOCX 页数:8 大小:215.68KB 下载积分:10 金币
下载 相关 举报
dmvpn实例-dhcp-rtr-route-map实用配置.docx_第1页
第1页 / 共8页
dmvpn实例-dhcp-rtr-route-map实用配置.docx_第2页
第2页 / 共8页


点击查看更多>>
资源描述
dmvpn实例+dhcp+rtr+route-map实用配置 上海和北京2个spoke点(cisco831)我在机房用一台设备做hub.公网ip后来编辑的有点乱大家对照top图看吧 dmvpn配置大家都熟悉的,路由策略大家看top图就清楚了,不过路由怎么走,包括做的NAT,花了我很长时间叶请教了资深的CCIE,经过测试ok现在拿出来和大家分享 ios ver:c831-k9o3sy6-mz.124-4.T4.bin 机房hub config (相关配置) crypto isakmp policy 1 authentication pre-share crypto isakmp key asiavest address 0.0.0.0 0.0.0.0 no crypto isakmp ccm crypto ipsec transform-set set2 esp-des esp-md5-hmac mode transport ! crypto ipsec profile vpn-prof set transform-set set2 ! interface Tunnel1 bandwidth 512 ip address 10.255.255.1 255.255.255.0 no ip redirects ip nat inside ip nhrp authentication asiavest ip nhrp map multicast dynamic ip nhrp network-id 66 ip nhrp holdtime 300 ip virtual-reassembly ip policy route-map bj-xxx delay 100000 tunnel source FastEthernet0/1 tunnel mode gre multipoint tunnel key 6 tunnel protection ipsec profile vpn-prof ! interface FastEthernet0/0 ip address 210.243.aa.xx 255.255.255.224 ip nat outside ip virtual-reassembly duplex auto speed 10 ! interface FastEthernet0/1 ip address 210.17.bb.yy 255.255.255.224 duplex auto speed auto ! no ip classless ip route 0.0.0.0 0.0.0.0 210.17.bb.ccc ip route 192.168.1.0 255.255.255.0 10.255.255.3 ip route 192.168.2.0 255.255.255.0 10.255.255.2 ip route 218.242.dd.ff 255.255.255.255 210.17.bb.ccc ip route 222.66.94.zz 255.255.255.252 210.17.bb.ccc ! ! ip http server no ip http secure-server ip nat inside source list natuse interface FastEthernet0/0 overload ! ip access-list extended natuse permit ip 192.168.1.0 0.0.0.255 any permit ip 192.168.2.0 0.0.0.255 any ! access-list 115 deny ip 192.168.1.0 0.0.0.255 192.0.0.0 0.255.255.255 access-list 115 deny ip 192.168.2.0 0.0.0.255 192.0.0.0 0.255.255.255 access-list 115 permit ip 192.168.1.0 0.0.0.255 any access-list 115 permit ip 192.168.2.0 0.0.0.255 any ! route-map bj-xxx permit 10 match ip address 115 set ip next-hop 210.243.hh.gg ! 北京831配置北京采用adsl connect internet! no ip dhcp use vrf connected ip dhcp excluded-address 192.168.2.32 192.168.2.254 ! ip dhcp pool z import all network 192.168.2.0 255.255.255.0 dns-server 202.145.138.200 202.145.138.1 210.82.8.1 210.82.5.1 default-router 192.168.2.254 netbios-node-type h-node ! ! ip cef ip sla 1 icmp-echo 10.255.255.1 source-ip 10.255.255.2 timeout 2000 frequency 30 ip sla schedule 1 start-time now vpdn enable ! ! ! ! ! ! track 1 rtr 1 reachability ! ! crypto isakmp policy 1 authentication pre-share crypto isakmp key asiavest address 0.0.0.0 0.0.0.0 ! ! crypto ipsec transform-set set2 esp-des esp-md5-hmac mode transport ! crypto ipsec profile vpn-prof set transform-set set2 ! ! ! ! ! interface Tunnel1 bandwidth 512 ip address 10.255.255.2 255.255.255.0 no ip redirects ip nhrp authentication asiavest ip nhrp map 10.255.255.1 210.17.bb.yy ip nhrp map multicast 210.17.bb.yy ip nhrp network-id 66 ip nhrp holdtime 300 ip nhrp nhs 10.255.255.1 load-interval 30 delay 100000 tunnel source Ethernet1 tunnel mode gre multipoint tunnel key 6 tunnel protection ipsec profile vpn-prof ! interface Ethernet0 ip address 192.168.2.254 255.255.255.0 ip nat inside ip virtual-reassembly ip tcp adjust-mss 1344 ip policy route-map xxx ! interface Ethernet1 description WAN conn ADSL Modem ip address dhcp duplex auto ! interface Ethernet2 no ip address shutdown ! interface FastEthernet1 duplex auto speed auto ! interface FastEthernet2 duplex auto speed auto ! interface FastEthernet3 duplex auto speed auto ! interface FastEthernet4 duplex auto speed auto ! interface Dialer1 no ip address ! ip classless ! ip http server no ip http secure-server ! ip nat inside source list 199 interface Dialer1 overload ! access-list 100 permit ip 192.168.2.0 0.0.0.255 any access-list 199 permit ip 192.168.2.0 0.0.0.255 any ! route-map xxx permit 10 match ip address 100 set ip next-hop 10.255.255.1 上海-831 有固定ip no ip dhcp use vrf connected ip dhcp excluded-address 192.168.1.1 192.168.1.10 ! ip dhcp pool z import all network 192.168.1.0 255.255.255.0 dns-server 202.145.138.200 202.145.138.1 210.82.8.1 210.82.5.1 default-router 192.168.1.1 netbios-node-type h-node ! ! ip cef ip sla 1 icmp-echo 10.255.255.1 source-ip 10.255.255.3 timeout 2000 frequency 30 ip sla schedule 1 start-time now vpdn enable ! ! ! ! ! ! track 1 rtr 1 reachability ! ! crypto isakmp policy 1 authentication pre-share crypto isakmp key asiavest address 0.0.0.0 0.0.0.0 ! ! crypto ipsec transform-set set2 esp-des esp-md5-hmac mode transport ! crypto ipsec profile vpn-prof set transform-set set2 ! ! ! ! ! interface Tunnel1 bandwidth 512 ip address 10.255.255.3 255.255.255.0 no ip redirects ip nhrp authentication asiavest ip nhrp map 10.255.255.1 210.17.bb.yyy ip nhrp map multicast 210.17.bb.yyy ip nhrp network-id 66 ip nhrp holdtime 300 ip nhrp nhs 10.255.255.1 load-interval 30 delay 100000 tunnel source Ethernet1 tunnel mode gre multipoint tunnel key 6 tunnel protection ipsec profile vpn-prof ! interface Ethernet0 ip address 192.168.1.1 255.255.255.0 ip nat inside ip virtual-reassembly ip tcp adjust-mss 1344 ip policy route-map yyy ! interface Ethernet1 description WAN conn ip address 222.66.aa.bb 255.255.255.252 duplex auto ! interface Ethernet2 no ip address shutdown ! interface FastEthernet1 duplex auto speed auto ! interface FastEthernet2 duplex auto speed auto ! interface FastEthernet3 duplex auto speed auto ! interface FastEthernet4 duplex auto speed auto ! interface Dialer1 no ip address ! ip classless ! ip http server no ip http secure-server ! ip nat inside source list 199 interface Ethernet1 overload ! ip route 0.0.0.0 0.0.0.0 222.66.aa.ff ! access-list 100 permit ip 192.168.1.0 0.0.0.255 any access-list 199 permit ip 192.168.1.0 0.0.0.255 any ! route-map yyy permit 10 match ip address 100 set ip next-hop 10.255.255.1 ! 相关调试命令 show crypto ipsec sa show crypto isakmp sa show crypto se show dmvpn show ip nhrp traffic
展开阅读全文

开通  VIP会员、SVIP会员  优惠大
下载10份以上建议开通VIP会员
下载20份以上建议开通SVIP会员


开通VIP      成为共赢上传

当前位置:首页 > 包罗万象 > 大杂烩

移动网页_全站_页脚广告1

关于我们      便捷服务       自信AI       AI导航        抽奖活动

©2010-2026 宁波自信网络信息技术有限公司  版权所有

客服电话:0574-28810668  投诉电话:18658249818

gongan.png浙公网安备33021202000488号   

icp.png浙ICP备2021020529号-1  |  浙B2-20240490  

关注我们 :微信公众号    抖音    微博    LOFTER 

客服