VPN(DMVPN その4)
「VPN(DMVPN その1)」~「VPN(DMVPN その3)」でDMVPNによるインターネットVPNの構築を行いました。ここでは、各ルータのコンフィグを紹介していきます。
各ルータの設定は次のようになります。
●Router_Aの設定
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router_A
!
boot-start-marker
boot-end-marker
!
enable password cisco
!
no aaa new-model
memory-size iomem 25
!
ip cef
!
crypto isakmp policy 1
authentication pre-share
crypto isakmp key cisco address 0.0.0.0 0.0.0.0
!
!
crypto ipsec transform-set TS-IPSEC esp-3des esp-sha-hmac
mode transport
!
crypto ipsec profile DMVPN-PROFILE
set transform-set TS-IPSEC
!
interface Tunnel0
ip address 192.168.1.1 255.255.255.0
no ip redirects
ip nhrp authentication cisco
ip nhrp map multicast dynamic
ip nhrp network-id 1000
ip ospf network broadcast
ip ospf priority 255
tunnel source FastEthernet0
tunnel mode gre multipoint
tunnel protection ipsec profile DMVPN-PROFILE
!
interface Ethernet0
ip address 172.16.0.1 255.255.0.0
half-duplex
!
interface FastEthernet0
ip address 20.0.0.1 255.0.0.0
speed auto
!
router ospf 1
log-adjacency-changes
network 172.16.0.0 0.0.255.255 area 0
network 192.168.1.0 0.0.0.255 area 0
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
control-plane
!
line con 0
line aux 0
line vty 0 4
password cisco
login
!
end
●Router_Bの設定
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router_B
!
boot-start-marker
boot-end-marker
!
enable password cisco
!
no aaa new-model
memory-size iomem 25
!
ip cef
!
crypto isakmp policy 1
authentication pre-share
crypto isakmp key cisco address 0.0.0.0 0.0.0.0
!
!
crypto ipsec transform-set TS-IPSEC esp-3des esp-sha-hmac
mode transport
!
crypto ipsec profile DMVPN-PROFILE
set transform-set TS-IPSEC
!
interface Tunnel0
ip address 192.168.1.2 255.255.255.0
no ip redirects
ip nhrp authentication cisco
ip nhrp map multicast 20.0.0.1
ip nhrp map 192.168.1.1 20.0.0.1
ip nhrp network-id 1000
ip nhrp nhs 192.168.1.1
ip ospf network broadcast
ip ospf priority 0
tunnel source FastEthernet0
tunnel mode gre multipoint
tunnel protection ipsec profile DMVPN-PROFILE
!
interface Ethernet0
ip address 172.17.0.1 255.255.0.0
half-duplex
no keepalive
!
interface FastEthernet0
ip address 20.0.0.2 255.0.0.0
speed auto
!
router ospf 1
log-adjacency-changes
network 172.17.0.0 0.0.255.255 area 0
network 192.168.1.0 0.0.0.255 area 0
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
control-plane
!
line con 0
line aux 0
line vty 0 4
password cisco
login
!
end
●Router_Cの設定
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router_C
!
boot-start-marker
boot-end-marker
!
enable password cisco
!
no aaa new-model
memory-size iomem 25
!
ip cef
!
crypto isakmp policy 1
authentication pre-share
crypto isakmp key cisco address 0.0.0.0 0.0.0.0
!
crypto ipsec transform-set TS-IPSEC esp-3des esp-sha-hmac
mode transport
!
crypto ipsec profile DMVPN-PROFILE
set transform-set TS-IPSEC
!
interface Tunnel0
ip address 192.168.1.3 255.255.255.0
no ip redirects
ip nhrp authentication cisco
ip nhrp map multicast 20.0.0.1
ip nhrp map 192.168.1.1 20.0.0.1
ip nhrp network-id 1000
ip nhrp nhs 192.168.1.1
ip nhrp nhs 20.0.0.1
ip ospf network broadcast
ip ospf priority 0
tunnel source FastEthernet0
tunnel mode gre multipoint
tunnel protection ipsec profile DMVPN-PROFILE
!
interface Ethernet0
ip address 172.18.0.1 255.255.0.0
half-duplex
no keepalive
!
interface FastEthernet0
ip address 20.0.0.3 255.0.0.0
speed auto
!
router ospf 1
log-adjacency-changes
network 172.18.0.0 0.0.255.255 area 0
network 192.168.1.0 0.0.0.255 area 0
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
control-plane
!
line con 0
line aux 0
line vty 0 4
password cisco
login
!
end
「VPN(DMVPN その5)」では、3拠点を介したDMVPNによるインターネットVPNの設定を検証していきます。