Cisco DMVPN 設定

VPN 如果只是兩個點對點的環境設定是非常簡單的,但是如果有很多的點需要設定VPN,那設定內容可能非常多(GRE點對點的設定),且不易管理,DMVPN就是來解決這個問題

1. DMVPN 架構圖
2. DMVPN 設定
3. 路由設定

1. DMVPN 架構圖
DMVPN
2. DMVPN 設定
HQ Router設定,部分不相關設定省略

HQ#show run int f0
interface FastEthernet0
description WAN
 ip address 60.250.126.177 255.255.255.0
 duplex auto
 speed auto
HQ#show run int f1
interface FastEthernet1
 description LAN
 ip address 192.168.1.2 255.255.255.0
 ip accounting output-packets
 duplex auto
 speed auto
HQ#show run int tu99
interface Tunnel99
 description DMVPN-HQ
 ip address 172.27.72.1 255.255.255.0
 no ip redirects
 ip nhrp authentication dmvpn
 ip nhrp map multicast dynamic
 ip nhrp network-id 1
 tunnel source 60.250.126.177
 tunnel mode gre multipoint

Branch office 1 Router設定,部分不相關設定省略

Branch-office-1#show run int f0
interface FastEthernet0
 description WAN
 ip address 211.72.164.223 255.255.255.0
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
Branch-office-1#show run int f1
interface FastEthernet1
 description LAN
 ip address 192.168.80.254 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
Branch-office-1#show run int tu99
interface Tunnel99
 description DMVPN-Branch_office1
 ip address 172.27.72.2 255.255.255.0
 no ip redirects
 ip nhrp authentication firewall
 ip nhrp map multicast dynamic
 ip nhrp map 172.27.72.1 60.250.126.177
 ip nhrp map multicast 60.250.126.177
 ip nhrp network-id 1
 ip nhrp nhs 172.27.72.1
 tunnel source FastEthernet0
 tunnel mode gre multipoint
Branch-office-2#show run int f0
interface FastEthernet0
 description WAN
 ip address 220.128.238.111 255.255.255.0
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto

Branch-office-2#show run int f1
interface FastEthernet1
 description LAN
 ip address 192.168.0.2 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
Branch-office-2#show run int tu99
interface Tunnel99
 description DMVPN-Branch_office2
 ip address 172.27.72.4 255.255.255.0
 no ip redirects
 ip nhrp authentication firewall
 ip nhrp map multicast dynamic
 ip nhrp map 172.27.72.1 60.250.126.177
 ip nhrp map multicast 60.250.126.177
 ip nhrp network-id 1
 ip nhrp nhs 172.27.72.1
 tunnel source FastEthernet0
 tunnel mode gre multipoint

三地查看DMVPN狀態
HQ Router

HQ#show dmvpn
Legend: Attrb --> S - Static, D - Dynamic, I - Incomplete
 N - NATed, L - Local, X - No Socket
 # Ent --> Number of NHRP entries with same NBMA peer
 NHS Status: E --> Expecting Replies, R --> Responding
 UpDn Time --> Up or Down Time for a Tunnel
========================================================

Interface: Tunnel99, IPv4 NHRP Details 
Type:Hub, NHRP Peers:2, 

 # Ent Peer NBMA Addr Peer Tunnel Add State UpDn Tm Attrb
 ----- --------------- --------------- ----- -------- -----
 1 211.72.164.223 172.27.72.2 UP 11:51:12 D
 1 220.128.238.111 172.27.72.4 UP 11:48:50 D

Branch office 1 Router

Branch-office-1#show dmvpn
Legend: Attrb --> S - Static, D - Dynamic, I - Incomplete
 N - NATed, L - Local, X - No Socket
 # Ent --> Number of NHRP entries with same NBMA peer
 NHS Status: E --> Expecting Replies, R --> Responding
 UpDn Time --> Up or Down Time for a Tunnel
========================================================

Interface: Tunnel99, IPv4 NHRP Details 
Type:Spoke, NHRP Peers:1, 

 # Ent Peer NBMA Addr Peer Tunnel Add State UpDn Tm Attrb
 ----- --------------- --------------- ----- -------- -----
 1 60.250.126.177 172.27.72.1 UP 11:55:18 S

Branch office 2 Router

Branch-office-2#show dmvpn
Legend: Attrb --> S - Static, D - Dynamic, I - Incomplete
 N - NATed, L - Local, X - No Socket
 # Ent --> Number of NHRP entries with same NBMA peer
 NHS Status: E --> Expecting Replies, R --> Responding
 UpDn Time --> Up or Down Time for a Tunnel
========================================================
Interface: Tunnel99, IPv4 NHRP Details 
Type:Spoke, NHRP Peers:1, 

 # Ent Peer NBMA Addr Peer Tunnel Add State UpDn Tm Attrb
 ----- --------------- --------------- ----- -------- -----
 1 60.250.126.177 172.27.72.1 UP 04:01:44 S

3.路由設定
HQ 路由設定

HQ(config)#ip access-list standard acl_OSPF
HQ(config-std-nacl)#permit 192.168.10.0 0.0.0.255
HQ(config-std-nacl)#permit 192.168.20.0 0.0.0.255
HQ(config-std-nacl)#permit 192.168.121.0 0.0.0.255
HQ(config)#route-map OSPF permit 10
HQ(config-route-map)#match ip address acl_OSPF
HQ(config)#router ospf 99
HQ(config-router)#router-id 172.28.1.1
HQ(config-router)#network 192.168.1.0 0.0.0.255 area 0
HQ(config-router)#redistribute static subnets route-map OSPF
HQ(config)#int tu99
HQ(config-if)#ip ospf network broadcast
HQ(config-if)#ip ospf 99 area 0
interface Tunnel99
 description DMVPN-HQ
 ip address 172.27.72.1 255.255.255.0
 no ip redirects
 ip nhrp authentication firewall
 ip nhrp map multicast dynamic
 ip nhrp network-id 1
 ip ospf network broadcast
 ip ospf dead-interval 60
 ip ospf mtu-ignore
 ip ospf 99 area 0
 tunnel source 60.250.126.177
 tunnel mode gre multipoint
interface Loopback0
 description For Routing ID
 ip address 172.28.1.1 255.255.255.0
ip access-list standard acl_OSPF
 permit 192.168.10.0 0.0.0.255
 permit 192.168.20.0 0.0.0.255
 permit 192.168.121.0 0.0.0.255

route-map OSPF permit 10
 match ip address acl_OSPF
router ospf 99
 router-id 172.28.1.1
 log-adjacency-changes
 redistribute static subnets route-map OSPF
 network 192.168.1.0 0.0.0.255 area 0
HQ#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
 D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
 N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
 E1 - OSPF external type 1, E2 - OSPF external type 2
 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
 ia - IS-IS inter area, * - candidate default, U - per-user static route
 o - ODR, P - periodic downloaded static route

Gateway of last resort is 60.250.126.254 to network 0.0.0.0

S 192.168.121.0/24 [1/0] via 192.168.1.254
S 192.168.10.0/24 [1/0] via 192.168.1.254
 172.27.0.0/24 is subnetted, 1 subnets
C 172.27.72.0 is directly connected, Tunnel99
 172.28.0.0/32 is subnetted, 1 subnets
C 172.28.1.1 is directly connected, Loopback0
O 192.168.81.0/24 [110/1001] via 172.27.72.3, 00:15:47, Tunnel99
O 192.168.80.0/24 [110/1001] via 172.27.72.2, 00:15:37, Tunnel99
S 192.168.20.0/24 [1/0] via 192.168.1.254
O 192.168.0.0/24 [110/1001] via 172.27.72.4, 00:15:47, Tunnel99
C 192.168.1.0/24 is directly connected, FastEthernet1
 60.0.0.0/24 is subnetted, 1 subnets
C 60.250.126.0 is directly connected, FastEthernet0
S* 0.0.0.0/0 [1/0] via 60.250.126.254

Branch office 1 路由設定

Branch-office-1(config)#router ospf 99
Branch-office-1(config-router)#router-id 172.28.1.2
Branch-office-1(config-router)#network 192.168.80.0 0.0.0.255 area 0
Branch-office-1(config)#int tu99
Branch-office-1(config)#ip ospf network broadcast
Branch-office-1(config)#ip ospf 99 area 0
interface Tunnel99
 description DMVPN-Shintangu
 ip address 172.27.72.2 255.255.255.0
 no ip redirects
 ip nhrp authentication firewall
 ip nhrp map multicast dynamic
 ip nhrp map 172.27.72.1 60.250.126.177
 ip nhrp map multicast 60.250.126.177
 ip nhrp network-id 1
 ip nhrp nhs 172.27.72.1
 ip ospf network broadcast
 ip ospf dead-interval 60
 ip ospf priority 0
 ip ospf mtu-ignore
 ip ospf 99 area 0
 tunnel source FastEthernet0
 tunnel mode gre multipoint
interface Loopback0
 description For Routing ID
 ip address 172.28.1.2 255.255.255.255
router ospf 99
 router-id 172.28.1.2
 log-adjacency-changes
 network 192.168.80.0 0.0.0.255 area 0
Branch-office-1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
 D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
 N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
 E1 - OSPF external type 1, E2 - OSPF external type 2
 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
 ia - IS-IS inter area, * - candidate default, U - per-user static route
 o - ODR, P - periodic downloaded static route

Gateway of last resort is 211.72.164.254 to network 0.0.0.0

C 211.72.164.0/24 is directly connected, FastEthernet0
O E2 192.168.121.0/24 [110/20] via 172.27.72.1, 00:22:37, Tunnel99
O E2 192.168.10.0/24 [110/20] via 172.27.72.1, 00:22:37, Tunnel99
 172.16.0.0/24 is subnetted, 1 subnets
C 172.16.1.0 is directly connected, Vlan10
 172.27.0.0/24 is subnetted, 1 subnets
C 172.27.72.0 is directly connected, Tunnel99
 172.28.0.0/32 is subnetted, 1 subnets
C 172.28.1.2 is directly connected, Loopback0
O 192.168.81.0/24 [110/1001] via 172.27.72.3, 00:22:37, Tunnel99
C 192.168.80.0/24 is directly connected, FastEthernet1
O E2 192.168.20.0/24 [110/20] via 172.27.72.1, 00:22:37, Tunnel99
O 192.168.0.0/24 [110/1001] via 172.27.72.4, 00:22:37, Tunnel99
O 192.168.1.0/24 [110/1001] via 172.27.72.1, 00:22:37, Tunnel99
S* 0.0.0.0/0 [1/0] via 211.72.164.254

Branch office 2 路由設定

Branch-office-2(config)#router ospf 99
Branch-office-2(config-router)#router-id 172.28.1.3
Branch-office-2(config-router)#network 192.168.81.0 0.0.0.255 area 0
Branch-office-2(config)#int tu99
Branch-office-2(config)#ip ospf network broadcast
Branch-office-2(config)#ip ospf 99 area 0
interface Tunnel99
 description DMVPN-Shintangu
 ip address 172.27.72.3 255.255.255.0
 no ip redirects
 ip nhrp authentication firewall
 ip nhrp map multicast dynamic
 ip nhrp map 172.27.72.1 60.250.126.177
 ip nhrp map multicast 60.250.126.177
 ip nhrp network-id 1
 ip nhrp nhs 172.27.72.1
 ip ospf network broadcast
 ip ospf 99 area 0
 tunnel source FastEthernet0
 tunnel mode gre multipoint
interface Loopback0
 description For Routing ID
 ip address 172.28.1.3 255.255.255.255
router ospf 99
 router-id 172.28.1.3
 log-adjacency-changes
 network 192.168.81.0 0.0.0.255 area 0
Branch-office-2#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
 D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
 N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
 E1 - OSPF external type 1, E2 - OSPF external type 2
 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
 ia - IS-IS inter area, * - candidate default, U - per-user static route
 o - ODR, P - periodic downloaded static route

Gateway of last resort is 61.219.221.254 to network 0.0.0.0

O E2 192.168.121.0/24 [110/20] via 172.27.72.1, 00:24:22, Tunnel99
O E2 192.168.10.0/24 [110/20] via 172.27.72.1, 00:24:22, Tunnel99
 172.27.0.0/24 is subnetted, 1 subnets
C 172.27.72.0 is directly connected, Tunnel99
 172.28.0.0/32 is subnetted, 1 subnets
C 172.28.1.3 is directly connected, Loopback0
C 192.168.81.0/24 is directly connected, FastEthernet1
O 192.168.80.0/24 [110/1001] via 172.27.72.2, 00:24:12, Tunnel99
O E2 192.168.20.0/24 [110/20] via 172.27.72.1, 00:24:22, Tunnel99
O 192.168.0.0/24 [110/1001] via 172.27.72.4, 00:24:22, Tunnel99
O 192.168.1.0/24 [110/1001] via 172.27.72.1, 00:24:22, Tunnel99
 61.0.0.0/24 is subnetted, 1 subnets
C 61.219.221.0 is directly connected, FastEthernet0
S* 0.0.0.0/0 [1/0] via 61.219.221.254

Refer:http://www.firewall.cx/cisco-technical-knowledgebase/cisco-routers/901-cisco-router-dmvpn-configuration.html

Facebook Comments
machine rape hentai hentaihug.com read hentai magna
ladki chodna pornude.mobi bluefilm com video
hindi video new pornozavr.me gora aur kala
نيك عنيف مترجم 24h-porn.net ينيكها وهي نايمه
يشبفسثء freebigassporn.org فيلم اجنبى قليل الادب
elizabeth olsen bf blondeporntrends.com malayalam sexi
chudai karwai indiandesiclips.com bhabisex.com
haryana village sex video ganstagirls.net wwwxnxcom
bf sexy vidio indiantubetv.com bhaagamathie songs naa songs
open sex free brownporntube.info open dance
bp hd sexy palimas.mobi xexi movie
malayalifuck dunato.mobi sex vedios malayalam
sexy film video hindi mai collegeporntrends.com tamilplay.com 2015 movies download
hot romantic sex porn alohaporn.net xnxx japnese
دانا فسبولى arabicaporn.com مصريه متناكه