tech:network:cisco:vpn:tunneling:dmvpn:dmvpn
Table of Contents
Cisco: DMVPN
Topology: mGRE + NHRP + OSPF
Preparation
Project name: ccna-vpn-gre-0003-gre-over-ipsec-1-n
Project name:
ccna-vpn-dmvpn-0001-mgre+nhrp
- R1
configure terminal ! interface GigabitEthernet 0/1 no ip address pppoe enable group global pppoe-client dial-pool-number 10 exit ! interface GigabitEthernet 0/0 ip tcp adjust-mss 1356 exit ! interface Loopback 1 ip address 100.0.0.1 255.255.255.255 exit ! interface Dialer 1 ip unnumbered Loopback 1 ip mtu 1454 encapsulation ppp dialer pool 10 dialer-group 20 ppp authentication chap callin ppp chap hostname ccie@example.com ppp chap password cc13 no shutdown exit ! ip route 0.0.0.0 0.0.0.0 Dialer 1 ! dialer-list 20 protocol ip permit ! end
- R2
configure terminal ! interface GigabitEthernet 0/1 no ip address pppoe enable group global pppoe-client dial-pool-number 10 exit ! interface GigabitEthernet 0/0 ip tcp adjust-mss 1356 exit ! interface Loopback 1 ip address 200.0.0.2 255.255.255.255 exit ! interface Dialer 1 ip unnumbered Loopback 1 ip mtu 1454 encapsulation ppp dialer pool 10 dialer-group 20 ppp authentication chap callin ppp chap hostname ccie@example.com ppp chap password cc13 no shutdown exit ! ip route 0.0.0.0 0.0.0.0 Dialer 1 ! dialer-list 20 protocol ip permit ! end
- R6
configure terminal ! interface GigabitEthernet 0/1 no ip address pppoe enable group global pppoe-client dial-pool-number 10 exit ! interface GigabitEthernet 0/0 ip tcp adjust-mss 1356 exit ! interface Loopback 1 ip address 106.0.0.6 255.255.255.255 exit ! interface Dialer 1 ip unnumbered Loopback 1 ip mtu 1454 encapsulation ppp dialer pool 10 dialer-group 20 ppp authentication chap callin ppp chap hostname ccie@isp3.pg1x.net ppp chap password cc13 no shutdown exit ! ip route 0.0.0.0 0.0.0.0 Dialer 1 ! dialer-list 20 protocol ip permit ! end
Configure
- R1(NHS, Hub)
configure terminal ! interface tunnel0 ip address 172.16.0.1 255.255.255.0 tunnel source 100.0.0.1 tunnel mode gre multipoint ! ip nhrp network-id 100 ip nhrp map multicast dyanmic ! ip ospf network broadcast exit ! router ospf 1 network 172.16.0.1 0.0.0.0 area 0 network 10.100.0.1 0.0.0.0 area 0 exit ! end
- R2(NHC, Spoke)
configure terminal ! interface tunnel0 ip address 172.16.0.2 255.255.255.0 tunnel source 200.0.0.2 tunnel mode gre multipoint ! ip nhrp network-id 100 ip nhrp nhs 172.16.0.1 ip nhrp map 172.16.0.1 100.0.0.1 ip nhrp map multicast 100.0.0.1 ! ip ospf network broadcast ip ospf priority 0 exit ! router ospf 1 network 172.16.0.2 0.0.0.0 area 0 network 10.200.0.2 0.0.0.0 area 0 exit ! end
- R6(NHC, Spoke)
configure terminal ! interface tunnel0 ip address 172.16.0.6 255.255.255.0 tunnel source 106.0.0.6 tunnel mode gre multipoint ! ip nhrp network-id 100 ip nhrp nhs 172.16.0.1 ip nhrp map 172.16.0.1 100.0.0.1 ip nhrp map multicast 100.0.0.1 ! ip ospf network broadcast ip ospf priority 0 exit ! router ospf 1 network 172.16.0.6 0.0.0.0 area 0 network 10.6.0.6 0.0.0.0 area 0 exit ! end
Topology: DMVPN + OSPF
mGRE + NHRP + IPsec + OSPF
figure ip is messed
Preparation
Project name: ccna-vpn-gre-0003-gre-over-ipsec-1-n
Project name:
ccna-vpn-dmvpn-0001-mgre+nhrp
- R1
configure terminal ! interface GigabitEthernet 0/1 no ip address pppoe enable group global pppoe-client dial-pool-number 10 exit ! interface GigabitEthernet 0/0 ip tcp adjust-mss 1356 exit ! interface Loopback 1 ip address 100.0.0.1 255.255.255.255 exit ! interface Dialer 1 ip unnumbered Loopback 1 ip mtu 1454 encapsulation ppp dialer pool 10 dialer-group 20 ppp authentication chap callin ppp chap hostname ccie@example.com ppp chap password cc13 no shutdown exit ! ip route 0.0.0.0 0.0.0.0 Dialer 1 ! dialer-list 20 protocol ip permit ! end
- R2
configure terminal ! interface GigabitEthernet 0/1 no ip address pppoe enable group global pppoe-client dial-pool-number 10 exit ! interface GigabitEthernet 0/0 ip tcp adjust-mss 1356 exit ! interface Loopback 1 ip address 200.0.0.2 255.255.255.255 exit ! interface Dialer 1 ip unnumbered Loopback 1 ip mtu 1454 encapsulation ppp dialer pool 10 dialer-group 20 ppp authentication chap callin ppp chap hostname ccie@example.com ppp chap password cc13 no shutdown exit ! ip route 0.0.0.0 0.0.0.0 Dialer 1 ! dialer-list 20 protocol ip permit ! end
- R6
configure terminal ! interface GigabitEthernet 0/1 no ip address pppoe enable group global pppoe-client dial-pool-number 10 exit ! interface GigabitEthernet 0/0 ip tcp adjust-mss 1356 exit ! interface Loopback 1 ip address 106.0.0.6 255.255.255.255 exit ! interface Dialer 1 ip unnumbered Loopback 1 ip mtu 1454 encapsulation ppp dialer pool 10 dialer-group 20 ppp authentication chap callin ppp chap hostname ccie@isp3.pg1x.net ppp chap password cc13 no shutdown exit ! ip route 0.0.0.0 0.0.0.0 Dialer 1 ! dialer-list 20 protocol ip permit ! end
Configuration
R1#conf t Enter configuration commands, one per line. End with CNTL/Z. R1(config)#cry R1(config)#crypto isakm R1(config)#crypto isakmp po R1(config)#crypto isakmp policy 1 R1(config-isakmp)#er R1(config-isakmp)#enc R1(config-isakmp)#encryption 3de R1(config-isakmp)#encryption 3des *Apr 30 05:20:01.738: %PLATFORM-5-SIGNATURE_VERIFIED: Image 'flash0:/vios-adventerprisek9-m' passed code signing verification R1(config-isakmp)#encryption 3des R1(config-isakmp)#ha R1(config-isakmp)#hash md R1(config-isakmp)#hash md5 R1(config-isakmp)#auth R1(config-isakmp)#authentication pre R1(config-isakmp)#authentication pre-share R1(config-isakmp)#gr R1(config-isakmp)#group 2 R1(config-isakmp)#cr R1(config-isakmp)#cry R1(config-isakmp)#cryp R1(config-isakmp)#exit R1(config)#cry R1(config)#crypto isak R1(config)#crypto isakmp ke R1(config)#crypto isakmp kecis R1(config)#crypto isakmp key R1(config)#crypto isakmp key cis R1(config)#crypto isakmp key cisco address 0.0.0.0 R1(config)#cry R1(config)#crypto isakm R1(config)#crypto isakmp kee R1(config)#crypto isakmp keepalive 30 R1(config)#cry R1(config)#crypto ipse R1(config)#crypto ipsec trans R1(config)#crypto ipsec transform-set TS-IPSEC1 esp-3des esp R1(config)#crypto ipsec transform-set TS-IPSEC1 esp-3des esp-md R1(config)#crypto ipsec transform-set TS-IPSEC1 esp-3des esp-md5-hmac R1(cfg-crypto-trans)#mod R1(cfg-crypto-trans)#mode trans R1(cfg-crypto-trans)#mode transport R1(cfg-crypto-trans)#exit R1(config)#cry R1(config)#crypto ip R1(config)#crypto ipsec pro R1(config)#crypto ipsec profile PRO-DMVPN1 R1(ipsec-profile)#set tra R1(ipsec-profile)#set transform-set TS-IPSEC1 R1(ipsec-profile)#exit R1(config)#int tun0 R1(config-if)# *Apr 30 05:21:41.298: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to down R1(config-if)#exit R1(config)#interface GigabitEthernet 0/1 R1(config-if)#no ip address R1(config-if)#pppoe enable group global R1(config-if)#pppoe-client dial-pool-number 10 R1(config-if)#exit R1(config)#! R1(config)#interface GigabitEthernet 0/0 R1(config-if)#ip tcp adjust-mss 1356 R1(config-if)#exit R1(config)#! R1(config)#interface Loopback 1 R1(config-if)#ip address 100.0.0.1 255.255.255.255 R1(config-if)#exit R1(config)# *Apr 30 05:22:19.367: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access1, changed state to up! R1(config)#interface Dialer 1 R1(config-if)#ip unnumbered Loopback 1 R1(config-if)#ip mtu 1454 R1(config-if)#encapsulation ppp R1(config-if)#dialer pool 10 R1(config-if)#dialer-group 20 R1(config-if)#ppp authentication chap callin R1(config-if)#ppp chap hostname ccie@example.com R1(config-if)#ppp chap password cc13 R1(config-if)#no shutdown R1(config-if)#exit R1(config)#! R1(config)#ip route 0.0.0.0 0.0.0.0 Dialer 1 R1(config)#! R1(config)#dialer-list 20 protocol ip permit R1(config)# *Apr 30 05:22:19.374: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to up R1(config)# *Apr 30 05:22:20.608: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback1, changed state to up R1(config)# *Apr 30 05:22:23.907: %DIALER-6-BIND: Interface Vi2 bound to profile Di1 *Apr 30 05:22:23.913: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to up R1(config)# *Apr 30 05:22:27.578: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access2, changed state to up R1(config)#int tun0 R1(config-if)#ip add R1(config-if)#ip address 172.16.0.1 255.255.255.0 R1(config-if)#tunn R1(config-if)#tunnel sou R1(config-if)#tunnel source 100.0.0.1 R1(config-if)#tunn R1(config-if)#tunnel mo R1(config-if)#tunnel mode gr R1(config-if)#tunnel mode gre mu R1(config-if)#tunnel mode gre multipoint R1(config-if)# *Apr 30 05:23:40.321: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to up R1(config-if)#tunn R1(config-if)#tunnel ke R1(config-if)#tunnel key ? <0-4294967295> key R1(config-if)#tunnel key 10 R1(config-if)#tunn R1(config-if)#tunnel p R1(config-if)#tunnel pr R1(config-if)#tunnel protection ? ipsec Use ipsec to protect this tunnel interface R1(config-if)#tunnel protection ipse R1(config-if)#tunnel protection ipsec pro R1(config-if)#tunnel protection ipsec profile PRO-DMVPN1 R1(config-if)#ip *Apr 30 05:24:06.952: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is ON R1(config-if)#ip nhr R1(config-if)#ip nhrp netwo R1(config-if)#ip nhrp network-id 100 R1(config-if)#ip nhr R1(config-if)#ip nhrp ma R1(config-if)#ip nhrp map mul R1(config-if)#ip nhrp map multicast dyn R1(config-if)#ip nhrp map multicast dynamic R1(config-if)#ip os R1(config-if)#ip ospf net R1(config-if)#ip ospf network bro R1(config-if)#ip ospf network broadcast R1(config-if)#router ospf 1 R1(config-router)#netwo R1(config-router)#network 172.16.0.1 0.0.0.0 area 0 R1(config-router)#netow R1(config-router)#netwo R1(config-router)#network 10.100.0.1 0.0.0.0 area 0.0.0.0 R1(config-router)# *Apr 30 05:29:36.515: %OSPF-5-ADJCHG: Process 1, Nbr 200.0.0.2 on Tunnel0 from LOADING to FULL, Loading Done R1(config-router)# *Apr 30 05:36:53.851: %OSPF-5-ADJCHG: Process 1, Nbr 106.0.0.6 on Tunnel0 from LOADING to FULL, Loading Done R1(config-router)# *Apr 30 05:37:23.294: %OSPF-5-ADJCHG: Process 1, Nbr 106.0.0.6 on Tunnel0 from LOADING to FULL, Loading Done
R2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#
*Apr 30 05:20:02.197: %PLATFORM-5-SIGNATURE_VERIFIED: Image 'flash0:/vios-adventerprisek9-m' passed code signing verification
R2(config)#interface GigabitEthernet 0/1
R2(config-if)#no ip address
R2(config-if)#pppoe enable group global
R2(config-if)#pppoe-client dial-pool-number 10
R2(config-if)#exit
R2(config)#!
R2(config)#interface GigabitEthernet 0/0
R2(config-if)#ip tcp adjust-mss 1356
R2(config-if)#exit
R2(config)#!
R2(config)#interface Loopback 1
R2(config-if)#ip address 200.0.0.2 255.255.255.255
*Apr 30 05:22:31.533: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access1, changed state to up
R2(config-if)#exit
R2(config)#!
R2(config)#interface Dialer 1
R2(config-if)#ip unnumbered Loopback 1
R2(config-if)#ip mtu 1454
R2(config-if)#encapsulation ppp
R2(config-if)#dialer pool 10
R2(config-if)#dialer-group 20
R2(config-if)#ppp authentication chap callin
R2(config-if)#ppp chap hostname ccie@example.com
R2(config-if)#ppp chap password cc13
R2(config-if)#no shutdown
R2(config-if)#exit
R2(config)#!
R2(config)#ip route 0.0.0.0 0.0.0.0 Dialer 1
R2(config)#!
R2(config)#dialer-list 20 protocol ip permit
R2(config)#
*Apr 30 05:22:31.540: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to up
R2(config)#
*Apr 30 05:22:32.746: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback1, changed state to up
R2(config)#
*Apr 30 05:22:35.920: %DIALER-6-BIND: Interface Vi2 bound to profile Di1
*Apr 30 05:22:35.925: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to up
R2(config)#
*Apr 30 05:22:39.598: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access2, changed state to up
R2(config)#cry
R2(config)#crypto isakm
R2(config)#crypto isakmp po
R2(config)#crypto isakmp policy 1
R2(config-isakmp)#enc
R2(config-isakmp)#encryption 3des
R2(config-isakmp)#has
R2(config-isakmp)#hash md
R2(config-isakmp)#hash md5
R2(config-isakmp)#aut
R2(config-isakmp)#authentication pre
R2(config-isakmp)#authentication pre-share
R2(config-isakmp)#gor
R2(config-isakmp)#gr
R2(config-isakmp)#group 2
R2(config-isakmp)#exit
R2(config)#cry
R2(config)#crypto isakm
R2(config)#crypto isakmp key
R2(config)#crypto isakmp key cisco address 0.0.0.0
R2(config)#cry
R2(config)#crypto isakm
R2(config)#crypto isakmp kee
R2(config)#crypto isakmp keepalive 30
R2(config)#cry
R2(config)#crypto ipse
R2(config)#crypto ipsec trans
R2(config)#crypto ipsec transform-set TS-IPSEC1 esp-3des esp-md5-hmac
R2(cfg-crypto-trans)#mode
R2(cfg-crypto-trans)#mode tra
R2(cfg-crypto-trans)#mode transport
R2(cfg-crypto-trans)#exit
R2(config)#cry
R2(config)#crypto ipse
R2(config)#crypto ipsec pro
R2(config)#crypto ipsec profile PRO-DMVPN1
R2(ipsec-profile)#set tran
R2(ipsec-profile)#set transform-set TS-IPSEC1
R2(ipsec-profile)#int tun0
R2(config-if)#ip ad
*Apr 30 05:27:32.893: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to down
R2(config-if)#ip add
R2(config-if)#ip address 172.16.0.2 255.255.255.0
R2(config-if)#tun
R2(config-if)#tunnel so
R2(config-if)#tunnel source 200.0.0.2
R2(config-if)#tunn
R2(config-if)#tunnel mo
R2(config-if)#tunnel mode gr
R2(config-if)#tunnel mode gre mu
R2(config-if)#tunnel mode gre multipoint
R2(config-if)#tunn
R2(config-if)#tunnel ke
R2(config-if)#tunnel key 10
R2(config-if)#tunn
R2(config-if)#tunnel p
R2(config-if)#tunnel pr
R2(config-if)#tunnel protection
*Apr 30 05:28:01.916: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to up
R2(config-if)#tunnel protection ipse
R2(config-if)#tunnel protection ipsec pro
R2(config-if)#tunnel protection ipsec profile PRO-DMVPN1
R2(config-if)#
*Apr 30 05:28:15.230: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is ON
R2(config-if)#ip nhrp netwo
R2(config-if)#ip nhrp network-id 100
R2(config-if)#ip nhr
R2(config-if)#ip nhrp nhs 172.16.0.1
R2(config-if)#ip nhr
R2(config-if)#ip nhrp map 172.16.0.1 100.0.0.1
R2(config-if)#ip nh
R2(config-if)#ip nhrp ma
R2(config-if)#ip nhrp map
R2(config-if)#ip nhrp map mut
R2(config-if)#ip nhrp map mul,
R2(config-if)#ip nhrp map mul
R2(config-if)#ip nhrp map multicast 100.0.0.1
R2(config-if)#ip os
R2(config-if)#ip ospf netwo
R2(config-if)#ip ospf network bro
R2(config-if)#ip ospf network broadcast
R2(config-if)#ip osp
R2(config-if)#ip ospf pri
R2(config-if)#ip ospf priority 0
R2(config-if)#router ospf 1
R2(config-router)#netw
R2(config-router)#network 172.16.0.2 0.0.0.0 area 0.0.0.0
R2(config-router)#netow
*Apr 30 05:29:38.381: %OSPF-5-ADJCHG: Process 1, Nbr 100.0.0.1 on Tunnel0 from LOADING to FULL, Loading Done
R2(config-router)#netwo
R2(config-router)#network 10.200.0.2 0.0.0.0 area 0
R2(config-router)#^Z
R2#sh ip ro
*Apr 30 05:30:05.235: %SYS-5-CONFIG_I: Configured from console by console
R2#sh ip ro ospf
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is 0.0.0.0 to network 0.0.0.0
10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
O 10.100.0.0/24 [110/1001] via 172.16.0.1, 00:00:25, Tunnel0
R2#ping 10.100.0.101
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.100.0.101, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 13/15/21 ms
R6#
R6#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R6(config)#
*Apr 30 05:20:04.198: %PLATFORM-5-SIGNATURE_VERIFIED: Image 'flash0:/vios-adventerprisek9-m' passed code signing verification
R6(config)#interface GigabitEthernet 0/1
R6(config-if)#no ip address
R6(config-if)#pppoe enable group global
R6(config-if)#pppoe-client dial-pool-number 10
R6(config-if)#exit
R6(config)#!
R6(config)#interface GigabitEthernet 0/0
R6(config-if)#ip tcp adjust-m
*Apr 30 05:22:45.571: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access1, changed state to upss 1356
R6(config-if)#exit
R6(config)#!
R6(config)#interface Loopback 1
R6(config-if)#ip address 106.0.0.6 255.255.255.255
R6(config-if)#exit
R6(config)#!
R6(config)#interface Dialer 1
R6(config-if)#ip unnumbered Loopback 1
R6(config-if)#ip mtu 1454
R6(config-if)#encapsulation ppp
R6(config-if)#dialer pool 10
R6(config-if)#dialer-group 20
R6(config-if)#ppp authentication chap callin
R6(config-if)#ppp chap hostname ccie@isp3.pg1x.net
R6(config-if)#ppp chap password cc13
R6(config-if)#no shutdown
R6(config-if)#exit
R6(config)#!
R6(config)#ip route 0.0.0.0 0.0.0.0 Dialer 1
R6(config)#!
R6(config)#dialer-list 20 protocol ip permit
R6(config)#
*Apr 30 05:22:45.578: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to up
R6(config)#
*Apr 30 05:22:46.852: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback1, changed state to up
R6(config)#
*Apr 30 05:22:50.065: %DIALER-6-BIND: Interface Vi2 bound to profile Di1
*Apr 30 05:22:50.071: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to up
R6(config)#
*Apr 30 05:22:54.135: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access2, changed state to up
R6(config)#cry
R6(config)#crypto i
R6(config)#crypto isa
R6(config)#crypto isakmp poli
R6(config)#crypto isakmp policy 1
R6(config-isakmp)#ecn
R6(config-isakmp)#enc
R6(config-isakmp)#en
R6(config-isakmp)#e
R6(config-isakmp)#e
R6(config-isakmp)#e
R6(config-isakmp)#e
R6(config-isakmp)#en
R6(config-isakmp)#encryption 3de
R6(config-isakmp)#encryption 3des
R6(config-isakmp)#ha
R6(config-isakmp)#hash md
R6(config-isakmp)#hash md5
R6(config-isakmp)#aut
R6(config-isakmp)#authentication pre
R6(config-isakmp)#authentication pre-share
R6(config-isakmp)#gro
R6(config-isakmp)#group 2
R6(config-isakmp)#cry
R6(config-isakmp)#exit
R6(config)#cry
R6(config)#crypto isak
R6(config)#crypto isakmp ke
R6(config)#crypto isakmp key
R6(config)#crypto isakmp key cis
R6(config)#crypto isakmp key cisc
R6(config)#crypto isakmp key cisco addre
R6(config)#crypto isakmp key cisco address ?
A.B.C.D Peer IP address
ipv6 define shared key with IPv6 address
R6(config)#crypto isakmp key cisco address 0.0.0.0
R6(config)#cry
R6(config)#crypto i
R6(config)#crypto isa
R6(config)#crypto isakmp kee
R6(config)#crypto isakmp keepalive 30
R6(config)#cry
R6(config)#crypto ipse
R6(config)#crypto ipsec tra
R6(config)#crypto ipsec transform-set TS-IPSEC1 es
R6(config)#crypto ipsec transform-set TS-IPSEC1 esp-3
R6(config)#crypto ipsec transform-set TS-IPSEC1 esp-3des es
R6(config)#crypto ipsec transform-set TS-IPSEC1 esp-3des esp-md
R6(config)#crypto ipsec transform-set TS-IPSEC1 esp-3des esp-md5-hmac
R6(cfg-crypto-trans)#mod
R6(cfg-crypto-trans)#mode tra
R6(cfg-crypto-trans)#mode transport
R6(cfg-crypto-trans)#exit
R6(config)#cry
R6(config)#crypto ip
R6(config)#crypto ipsec pro
R6(config)#crypto ipsec profile PRO-DMVPN1
R6(ipsec-profile)#set tra
R6(ipsec-profile)#set transform-set TS-IPSEC1
R6(ipsec-profile)#int tun0
R6(config-if)#ip add
R6(config-if)#ip address
*Apr 30 05:32:56.786: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to down
R6(config-if)#ip address 172.16.0.6 255.255.255.0
R6(config-if)#tunn
R6(config-if)#tunnel so
R6(config-if)#tunnel source 106.0.0.6
R6(config-if)#tunn
R6(config-if)#tunnel m
R6(config-if)#tunnel mo
R6(config-if)#tunnel mode gr
R6(config-if)#tunnel mode gre mu
R6(config-if)#tunnel mode gre multipoint
R6(config-if)#tunn
R6(config-if)#tunnel ke
R6(config-if)#tunnel key 10
R6(config-if)#tunn
R6(config-if)#tunnel pro
R6(config-if)#tunnel protection
*Apr 30 05:35:45.806: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to up
R6(config-if)#tunnel protection ipse
R6(config-if)#tunnel protection ipsec pro
R6(config-if)#tunnel protection ipsec profile PRO-DMVPN1
R6(config-if)#ip nh
R6(config-if)#ip nhrp
*Apr 30 05:35:54.517: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is ON
R6(config-if)#ip nhrp netwo
R6(config-if)#ip nhrp network-id 100
R6(config-if)#ip nh
R6(config-if)#ip nhrp nhs 172.16.0.1
R6(config-if)#ip nhr
R6(config-if)#ip nhrp map 172.16.0.1 100.0.0.1
R6(config-if)#ip nh
R6(config-if)#ip nhrp map
R6(config-if)#ip nhrp map mul
R6(config-if)#ip nhrp map multicast 100.0.0.1
R6(config-if)#ip os
R6(config-if)#ip ospf pri
R6(config-if)#ip ospf priority 0
R6(config-if)#rou
R6(config-if)#router ospf 1
R6(config-router)#netwo
R6(config-router)#network 172.16.0.6 0.0.0.0 area 0
R6(config-router)#net
*Apr 30 05:36:55.188: %OSPF-4-NET_TYPE_MISMATCH: Received Hello from 100.0.0.1 on Tunnel0 indicating a potential
network type mismatch
R6(config-router)#netwo
R6(config-router)#network
*Apr 30 05:36:55.267: %OSPF-5-ADJCHG: Process 1, Nbr 100.0.0.1 on Tunnel0 from LOADING to FULL, Loading Done
R6(config-router)#int tun0
R6(config-if)#ip os
R6(config-if)#ip ospf netwo
R6(config-if)#ip ospf network bro
R6(config-if)#ip ospf network broadcast
R6(config-if)#
*Apr 30 05:37:24.595: %OSPF-5-ADJCHG: Process 1, Nbr 100.0.0.1 on Tunnel0 from FULL to DOWN, Neighbor Down: Interface down or detached
*Apr 30 05:37:24.689: %OSPF-5-ADJCHG: Process 1, Nbr 100.0.0.1 on Tunnel0 from LOADING to FULL, Loading Done
R6(config-if)#router ospf 1
R6(config-router)#netwo
R6(config-router)#knetwonetwork 172.16.0.6
R6(config-router)#netwo
R6(config-router)#network 10.6.0.6 0.0.0.0 area
R6(config-router)#network 10.6.0.6 0.0.0.0 area 0
R6(config-router)#^Z
R6#sh ip
*Apr 30 05:38:09.275: %SYS-5-CONFIG_I: Configured from console by console
R6#sh ip ro ospf
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is 0.0.0.0 to network 0.0.0.0
10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
O 10.100.0.0/24 [110/1001] via 172.16.0.1, 00:00:43, Tunnel0
O 10.200.0.0/24 [110/1001] via 172.16.0.2, 00:00:43, Tunnel0
R6#ping 172.16.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/14/19 ms
R6#ping 172.16.0.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.0.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 40/54/79 ms
R6#ping 10.100.0.101
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.100.0.101, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 13/262/1010 ms
R6#ping 10.100.0.101
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.100.0.101, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/17/23 ms
R6#ping 10.200.0.202
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.200.0.202, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/16/24 ms
Topology: PPPoE + DMVPN + OSPF
PPPoE + mGRE + NHRP + IPsec + OSPF
figure ip is messed
Preparation
Project name: ccna-vpn-gre-0003-gre-over-ipsec-1-n
Project name:
ccna-vpn-dmvpn-0001-mgre+nhrp
Configuration
- R1
configure terminal ! interface GigabitEthernet 0/1 no ip address pppoe enable group global pppoe-client dial-pool-number 10 exit ! interface GigabitEthernet 0/0 ip tcp adjust-mss 1356 exit ! interface Loopback 1 ip address 100.0.0.1 255.255.255.255 exit ! interface Dialer 1 ip unnumbered Loopback 1 ip mtu 1454 encapsulation ppp dialer pool 10 dialer-group 20 ppp authentication chap callin ppp chap hostname ccie@example.com ppp chap password cc13 no shutdown exit ! ip route 0.0.0.0 0.0.0.0 Dialer 1 ! dialer-list 20 protocol ip permit ! end
- R2
configure terminal ! interface GigabitEthernet 0/1 no ip address pppoe enable group global pppoe-client dial-pool-number 10 exit ! interface GigabitEthernet 0/0 ip tcp adjust-mss 1356 exit ! interface Loopback 1 ip address 200.0.0.2 255.255.255.255 exit ! interface Dialer 1 ip unnumbered Loopback 1 ip mtu 1454 encapsulation ppp dialer pool 10 dialer-group 20 ppp authentication chap callin ppp chap hostname ccie@example.com ppp chap password cc13 no shutdown exit ! ip route 0.0.0.0 0.0.0.0 Dialer 1 ! dialer-list 20 protocol ip permit ! end
- R6
configure terminal ! interface GigabitEthernet 0/1 no ip address pppoe enable group global pppoe-client dial-pool-number 10 exit ! interface GigabitEthernet 0/0 ip tcp adjust-mss 1356 exit ! interface Loopback 1 ip address 106.0.0.6 255.255.255.255 exit ! interface Dialer 1 ip unnumbered Loopback 1 ip mtu 1454 encapsulation ppp dialer pool 10 dialer-group 20 ppp authentication chap callin ppp chap hostname ccie@isp3.pg1x.net ppp chap password cc13 no shutdown exit ! ip route 0.0.0.0 0.0.0.0 Dialer 1 ! dialer-list 20 protocol ip permit ! end
R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#cry
R1(config)#crypto iksa
R1(config)#crypto iksak
R1(config)#cryp
R1(config)#crypto isakm
R1(config)#crypto isakmp poli
R1(config)#crypto isakmp policy 1
R1(config-isakmp)#ecn
R1(config-isakmp)#en
R1(config-isakmp)#encryption 3de
R1(config-isakmp)#encryption 3des
R1(config-isakmp)#ha
R1(config-isakmp)#hash md
R1(config-isakmp)#hash md5 atu
R1(config-isakmp)#hash md5
R1(config-isakmp)#auth
R1(config-isakmp)#authentication pre
R1(config-isakmp)#authentication pre-share
R1(config-isakmp)#gro
R1(config-isakmp)#group 2
R1(config-isakmp)#exit
R1(config)#crypto
R1(config)#crypto isakm
R1(config)#crypto isakmp key cisco address 0.0.0.0
R1(config)#crypto isakm
R1(config)#crypto isakmp kee
R1(config)#crypto isakmp keepalive 30
R1(config)#cryp
R1(config)#crypto isakm
R1(config)#cryp
R1(config)#crypto ipse
R1(config)#crypto ipsec trans
R1(config)#crypto ipsec transform-set TS-IPSEC1 esp-3de
R1(config)#crypto ipsec transform-set TS-IPSEC1 esp-3des esp-md
R1(config)#crypto ipsec transform-set TS-IPSEC1 esp-3des esp-md5-hmac
R1(cfg-crypto-trans)#mod
R1(cfg-crypto-trans)#mode tran
R1(cfg-crypto-trans)#mode transport
R1(cfg-crypto-trans)#exit
R1(config)#cry
R1(config)#crypto ipse
R1(config)#crypto ipsec pro
R1(config)#crypto ipsec profile PRO-DMVPN1
R1(ipsec-profile)#set tra
R1(ipsec-profile)#set transform-set TS-IPSEC1
R1(ipsec-profile)#int tun0
R1(config-if)#ip
*Apr 30 06:38:51.897: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to down
R1(config-if)#ip addre
R1(config-if)#ip address 172.16.0.1 255.255.255.0
R1(config-if)#ip mt
R1(config-if)#ip mtu 1368
R1(config-if)#tunn
R1(config-if)#tunnel sou
R1(config-if)#tunnel source Di
R1(config-if)#tunnel source Dialer 1
R1(config-if)#tunn
R1(config-if)#tunnel mo
R1(config-if)#tunnel mode gr
R1(config-if)#tunnel mode gre mu
R1(config-if)#tunnel mode gre multipoint
R1(config-if)#tunn
R1(config-if)#tunnel ke
R1(config-if)#tunnel key 10
R1(config-if)#tunn
R1(config-if)#tunnel p
R1(config-if)#tunnel pr
R1(config-if)#tunnel protection ipse
R1(config-if)#tunnel protection ipsec pro
R1(config-if)#tunnel protection ipsec profile PRO-DMVPN1
R1(config-if)#ip nh
R1(config-if)#ip nhrp netwo
R1(config-if)#ip nhrp network-id 100
R1(config-if)#ip nh
R1(config-if)#ip nhrp map mul
R1(config-if)#ip nhrp map multicast ?
A.B.C.D IP NBMA address
X:X:X:X::X IPv6 NBMA address
dynamic Dynamically learn destinations from client registrations on hub
R1(config-if)#ip nhrp map multicast dyn
R1(config-if)#ip nhrp map multicast dynamic
R1(config-if)#ip os
R1(config-if)#ip ospf netwo
R1(config-if)#ip ospf network bro
R1(config-if)#ip ospf network broadcast
R1(config-if)#router
R1(config-if)#router osp
R1(config-if)#router ospf 1
R1(config-router)#netwo
R1(config-router)#network 172.16.0.1 0.0.0.0 area 0
R1(config-router)#netwo
R1(config-router)#network 10.100.0.1 0.0.0.0 area
R1(config-router)#network 10.100.0.1 0.0.0.0 area 0
R1(config-router)#int lo0
R1(config-if)#ip add
R1(config-if)#ip address 1
*Apr 30 06:40:48.694: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback0, changed state to up
R1(config-if)#ip address 100.0.0.1
% Incomplete command.
R1(config-if)#ip address 100.0.0.1 255.255.255.255
R1(config-if)#int gig0/1
R1(config-if)#no ip add
R1(config-if)#no ip address
R1(config-if)#pppoe
R1(config-if)#pppoe en
R1(config-if)#pppoe enable
R1(config-if)#ppp
*Apr 30 06:41:34.894: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access1, changed state to up
R1(config-if)#pppoe
*Apr 30 06:41:34.898: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to up
R1(config-if)#pppoe
R1(config-if)#pppoe-cli
R1(config-if)#pppoe-client di
R1(config-if)#pppoe-client dial-pool-number 1
R1(config-if)#int gig0/0
R1(config-if)#ip add
R1(config-if)#ip address 10.100.0.1 255.255.255.0
R1(config-if)#ip tc
R1(config-if)#ip tcp ad
R1(config-if)#ip tcp adjust-mss 1328
R1(config-if)#no shut
R1(config-if)#int gig0/1
R1(config-if)#no shut
R1(config-if)#int di
R1(config-if)#int dia1
R1(config-if)#ip unnu
R1(config-if)#ip unnumbered Loo
R1(config-if)#ip unnumbered Loopback 0
R1(config-if)#
*Apr 30 06:42:36.551: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to up
R1(config-if)#
*Apr 30 06:42:36.608: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is ON
R1(config-if)#ip mt
R1(config-if)#ip mtu 1454
R1(config-if)#enca
R1(config-if)#encapsulation ppp
R1(config-if)#dia
R1(config-if)#dialerpo
R1(config-if)#dialer pooo
R1(config-if)#dialer poo
R1(config-if)#dialer pool 1
R1(config-if)#dia
R1(config-if)#dialer-g
R1(config-if)#dialer-group r
R1(config-if)#dialer-group r
*Apr 30 06:43:04.833: %DIALER-6-BIND: Interface Vi2 bound to profile Di1
*Apr 30 06:43:04.837: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to up
*Apr 30 06:43:06.896: %DIALER-6-UNBIND: Interface Vi2 unbound from profile Di1
R1(config-if)#dialer-group
*Apr 30 06:43:06.914: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to down
R1(config-if)#dialer-group 1
R1(config-if)#ppp auth
R1(config-if)#ppp authe
R1(config-if)#ppp authentication chap calli
R1(config-if)#ppp authentication chap callin
R1(config-if)#ppp chap hostna
R1(config-if)#ppp chap hostname ccie@example.com
*Apr 30 06:43:29.144: %DIALER-6-BIND: Interface Vi2 bound to profile Di1
*Apr 30 06:43:29.148: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to up
*Apr 30 06:43:29.261: %DIALER-6-UNBIND: Interface Vi2 unbound from profile Di1
R1(config-if)#ppp chap hostname ccie@example.com
*Apr 30 06:43:29.278: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to down
R1(config-if)#ppp chap pass
R1(config-if)#ppp chap password cc13
R1(config-if)#exit
R1(config)#ip route 0.0.0.0 0.0.0.0 D
*Apr 30 06:43:51.470: %DIALER-6-BIND: Interface Vi2 bound to profile Di1ia
R1(config)#ip route 0.0.0.0 0.0.0.0 Dialer 1
*Apr 30 06:43:51.475: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to up
*Apr 30 06:43:52.012: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access2, changed state to up
R1(config)#ip route 0.0.0.0 0.0.0.0 Dialer 1
R1(config)#dia
R1(config)#dialer-li
R1(config)#dialer-list 1 pro
R1(config)#dialer-list 1 protocol ip per
R1(config)#dialer-list 1 protocol ip permit
R1(config)#^Z
R1#
*Apr 30 06:44:09.301: %SYS-5-CONFIG_I: Configured from console by console
R1#ping 100.1.3.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 100.1.3.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 3/4/8 ms
R1#ping 35.0.0.5
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 35.0.0.5, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/7/11 ms
R1#
*Apr 30 06:55:40.644: %OSPF-5-ADJCHG: Process 1, Nbr 172.16.0.2 on Tunnel0 from EXSTART to DOWN, Neighbor Down: Too many retransmissions
R1#
*Apr 30 06:56:40.645: %OSPF-5-ADJCHG: Process 1, Nbr 172.16.0.2 on Tunnel0 from DOWN to DOWN, Neighbor Down: Ignore timer expired
R1#ping 172.16.0.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.0.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 15/17/20 ms
R1#sh run int tun0
Building configuration...
Current configuration : 284 bytes
!
interface Tunnel0
ip address 172.16.0.1 255.255.255.0
no ip redirects
ip mtu 1368
ip nhrp map multicast dynamic
ip nhrp network-id 100
ip ospf network broadcast
tunnel source Dialer1
tunnel mode gre multipoint
tunnel key 10
tunnel protection ipsec profile PRO-DMVPN1
end
R1#
*Apr 30 06:58:46.830: %OSPF-5-ADJCHG: Process 1, Nbr 172.16.0.2 on Tunnel0 from EXSTART to DOWN, Neighbor Down: Too many retransmissions
R1#sh ip proto
*** IP Routing is NSF aware ***
Routing Protocol is "application"
Sending updates every 0 seconds
Invalid after 0 seconds, hold down 0, flushed after 0
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Maximum path: 32
Routing for Networks:
Routing Information Sources:
Gateway Distance Last Update
Distance: (default is 4)
Routing Protocol is "nhrp"
Maximum path: 32
Routing Information Sources:
Gateway Distance Last Update
Distance: (default is 250)
Routing Protocol is "ospf 1"
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Router ID 172.16.0.1
Number of areas in this router is 1. 1 normal 0 stub 0 nssa
Maximum path: 4
Routing for Networks:
10.100.0.1 0.0.0.0 area 0
172.16.0.1 0.0.0.0 area 0
Routing Information Sources:
Gateway Distance Last Update
Distance: (default is 110)
R1#
*Apr 30 06:59:46.831: %OSPF-5-ADJCHG: Process 1, Nbr 172.16.0.2 on Tunnel0 from DOWN to DOWN, Neighbor Down: Ignore timer expired
R1#sh ip int tun0 | i Internet
Internet address is 172.16.0.1/24
R1#
*Apr 30 07:01:57.996: %OSPF-5-ADJCHG: Process 1, Nbr 172.16.0.2 on Tunnel0 from EXSTART to DOWN, Neighbor Down: Too many retransmissions
R1#sh ip int tun0 | i MTU
MTU is 1368 bytes
R1#sh ip ospf neigh detail
Neighbor 172.16.0.2, interface address 172.16.0.2
In the area 0 via interface Tunnel0
Neighbor priority is 0, State is DOWN, 4 state changes
Neighbor ignored, reenable in 00:00:15
DR is 0.0.0.0 BDR is 0.0.0.0
Options is 0x12 in Hello (E-bit, L-bit)
LLS Options is 0x1 (LR)
Index 0/0/0, retransmission queue length 0, number of retransmission 0
First 0x0(0)/0x0(0)/0x0(0) Next 0x0(0)/0x0(0)/0x0(0)
Last retransmission scan length is 0, maximum is 0
Last retransmission scan time is 0 msec, maximum is 0 msec
R1#
*Apr 30 07:02:57.997: %OSPF-5-ADJCHG: Process 1, Nbr 172.16.0.2 on Tunnel0 from DOWN to DOWN, Neighbor Down: Ignore timer expired
R1#
*Apr 30 07:05:06.765: %OSPF-5-ADJCHG: Process 1, Nbr 172.16.0.2 on Tunnel0 from EXSTART to DOWN, Neighbor Down: Too many retransmissions
R1#
*Apr 30 07:06:06.766: %OSPF-5-ADJCHG: Process 1, Nbr 172.16.0.2 on Tunnel0 from DOWN to DOWN, Neighbor Down: Ignore timer expired
*Apr 30 07:06:07.011: %OSPF-5-ADJCHG: Process 1, Nbr 172.16.0.2 on Tunnel0 from LOADING to FULL, Loading Done
R1#
*Apr 30 07:54:09.586: %OSPF-5-ADJCHG: Process 1, Nbr 172.16.0.6 on Tunnel0 from LOADING to FULL, Loading Done
R1#
R2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#cry
R2(config)#crypto isak
R2(config)#crypto isakmp po
R2(config)#crypto isakmp policy 1
R2(config-isakmp)#enc
R2(config-isakmp)#encryption 3de
R2(config-isakmp)#encryption 3des
R2(config-isakmp)#ha
R2(config-isakmp)#hash md
R2(config-isakmp)#hash md5
R2(config-isakmp)#auth
R2(config-isakmp)#authentication pre
R2(config-isakmp)#authentication pre-share
R2(config-isakmp)#gr
R2(config-isakmp)#group 2
R2(config-isakmp)#cry
R2(config-isakmp)#cryp
R2(config-isakmp)#exit
R2(config)#cry
R2(config)#crypto isak
R2(config)#crypto isakmp ke
R2(config)#crypto isakmp key
R2(config)#crypto isakmp key cisco address 0.0.0.0
R2(config)#cry
R2(config)#crypto isak
R2(config)#crypto isakmp kee
R2(config)#crypto isakmp keepalive 30
R2(config)#cry
R2(config)#crypto ipse
R2(config)#crypto ipsec tran
R2(config)#crypto ipsec transform-set TS-IPSEC1 esp
R2(config)#crypto ipsec transform-set TS-IPSEC1 esp-3de
R2(config)#crypto ipsec transform-set TS-IPSEC1 esp-3des es
R2(config)#crypto ipsec transform-set TS-IPSEC1 esp-3des esp-md
R2(config)#crypto ipsec transform-set TS-IPSEC1 esp-3des esp-md5-hmac h
R2(config)#crypto ipsec transform-set TS-IPSEC1 esp-3des esp-md5-hmac
R2(cfg-crypto-trans)#mod
R2(cfg-crypto-trans)#mode tra
R2(cfg-crypto-trans)#mode transport
R2(cfg-crypto-trans)#exit
R2(config)#cry
R2(config)#crypto ipse
R2(config)#crypto ipsec pro
R2(config)#crypto ipsec profile PRO-DMVPN1
R2(ipsec-profile)#set tra
R2(ipsec-profile)#set transform-set TS-IPSEC1
R2(ipsec-profile)#int tun0
R2(config-if)#ip
*Apr 30 06:46:40.154: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to down
R2(config-if)#ip add
R2(config-if)#ip address 172.16.0.2 255.255.255.0
R2(config-if)#tunn
R2(config-if)#tunnel saou
R2(config-if)#tunnel sou
R2(config-if)#tunnel source Dia
R2(config-if)#tunnel source Dialer 1
R2(config-if)#tunn
R2(config-if)#tunnel mo
R2(config-if)#tunnel mode gr
R2(config-if)#tunnel mode gre mul
R2(config-if)#tunnel mode gre multipoint
R2(config-if)#tunn
R2(config-if)#tunnel ke
R2(config-if)#tunnel key 10
R2(config-if)#tunn
R2(config-if)#tunnel pro
R2(config-if)#tunnel protection ip
R2(config-if)#tunnel protection ipsec pro
R2(config-if)#tunnel protection ipsec profile PRO-DMVPN1
R2(config-if)#ip nh
R2(config-if)#ip nhrp netow
R2(config-if)#ip nh
R2(config-if)#ip nhrp netwo
R2(config-if)#ip nhrp network-id 100
R2(config-if)#ip nh
R2(config-if)#ip nhrp nhs 172.16.0.1
R2(config-if)#ip nh
R2(config-if)#ip nhrp map 172.16.0.1 100.0.0.1
R2(config-if)#ip nhr
R2(config-if)#ip nhrp ma
R2(config-if)#ip nhrp map
R2(config-if)#ip nhrp map mul
R2(config-if)#ip nhrp map multicast 100.0.0.1
R2(config-if)#ip os
R2(config-if)#ip ospf netwo
R2(config-if)#ip ospf network bro
R2(config-if)#ip ospf network broadcast
R2(config-if)#ip os
R2(config-if)#ip ospf pri
R2(config-if)#ip ospf priority 0
R2(config-if)#router ospf 1
R2(config-router)#netwo
R2(config-router)#network 172.16.0.2 0.0.0.0 area 0
R2(config-router)#netwo
R2(config-router)#network 10.200.0.2 0.0.0.0 area 0
R2(config-router)#int lo0
R2(config-if)#ip add
R2(config-if)#ip address 1
*Apr 30 06:50:22.469: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback0, changed state to up
R2(config-if)#ip address 200.0.0.2 255.255.255.255
R2(config-if)#int gig0/1
R2(config-if)#no ip addre
R2(config-if)#no ip address
R2(config-if)#pppoe ena
R2(config-if)#pppoe enable
R2(config-if)#pp
*Apr 30 06:50:54.101: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access1, changed state to up
R2(config-if)#pppoe-
*Apr 30 06:50:54.104: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to up
R2(config-if)#pppoe-clie
R2(config-if)#pppoe-client dial
R2(config-if)#pppoe-client dial-pool-number 1
R2(config-if)#int gig0/0
R2(config-if)#ip add
R2(config-if)#ip address 10.200.0.2 255.255.255.0
R2(config-if)#ip tc
R2(config-if)#ip tcp ad
R2(config-if)#ip tcp adjust-mss 1328
R2(config-if)#int dia1
R2(config-if)#ip unnu
R2(config-if)#ip unnumbered lo0
R2(config-if)#
*Apr 30 06:52:25.082: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to up
R2(config-if)#ip
*Apr 30 06:52:25.141: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is ON
R2(config-if)#ip mt
R2(config-if)#ip mtu 1454
R2(config-if)#enca
R2(config-if)#encapsulation ppp
R2(config-if)#dia
R2(config-if)#dialer po
R2(config-if)#dialer pool 1
R2(config-if)#dia
R2(config-if)#dialer-gr
R2(config-if)#dialer-group
*Apr 30 06:52:44.791: %DIALER-6-BIND: Interface Vi2 bound to profile Di1
*Apr 30 06:52:44.795: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to up
*Apr 30 06:52:46.591: %DIALER-6-UNBIND: Interface Vi2 unbound from profile Di1
R2(config-if)#dialer-group
*Apr 30 06:52:46.605: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to down
R2(config-if)#dialer-group 1
R2(config-if)#ppp auth
R2(config-if)#ppp authe
R2(config-if)#ppp authentication chap calli
R2(config-if)#ppp authentication chap callin
R2(config-if)#ppp chap hostname ccie@example.com
R2(config-if)#
*Apr 30 06:53:08.836: %DIALER-6-BIND: Interface Vi2 bound to profile Di1
*Apr 30 06:53:08.839: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to up
*Apr 30 06:53:08.945: %DIALER-6-UNBIND: Interface Vi2 unbound from profile Di1
R2(config-if)#
*Apr 30 06:53:08.965: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to down
R2(config-if)#ppp chap pass
R2(config-if)#ppp chap password cc13
R2(config-if)#exit
R2(config)#ip route 0.0.0.0 0.0.0.0 Dia
R2(config)#ip route 0.0.0.0 0.0.0.0 Dialer 1
R2(config)#
*Apr 30 06:53:31.117: %DIALER-6-BIND: Interface Vi2 bound to profile Di1
R2(config)#diale
*Apr 30 06:53:31.121: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to up
*Apr 30 06:53:31.686: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access2, changed state to up
R2(config)#dialer
R2(config)#dialer-li
R2(config)#dialer-list 1 pro
R2(config)#dialer-list 1 protocol ip per
R2(config)#dialer-list 1 protocol ip permit
R2(config)#^Z
R2#sh i
*Apr 30 06:53:41.892: %SYS-5-CONFIG_I: Configured from console by console
R2#sh ip ro ospf
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is 0.0.0.0 to network 0.0.0.0
R2#ping 200.2.4.4
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 200.2.4.4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 3/6/16 ms
R2#ping 100.0.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 100.0.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 7/8/10 ms
R2#sh ip ro
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is 0.0.0.0 to network 0.0.0.0
S* 0.0.0.0/0 is directly connected, Dialer1
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 10.200.0.0/24 is directly connected, GigabitEthernet0/0
L 10.200.0.2/32 is directly connected, GigabitEthernet0/0
172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks
C 172.16.0.0/24 is directly connected, Tunnel0
L 172.16.0.2/32 is directly connected, Tunnel0
200.0.0.0/32 is subnetted, 1 subnets
C 200.0.0.2 is directly connected, Loopback0
200.2.4.0/32 is subnetted, 1 subnets
C 200.2.4.4 is directly connected, Dialer1
R2#sh ip ro ospf
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is 0.0.0.0 to network 0.0.0.0
R2#sh ip ospf neigh
R2#sh ip ospf neighbor
Neighbor ID Pri State Dead Time Address Interface
172.16.0.1 1 EXSTART/DR 00:00:37 172.16.0.1 Tunnel0
R2#sh ip ospf neighbor
Neighbor ID Pri State Dead Time Address Interface
172.16.0.1 1 EXSTART/DR 00:00:35 172.16.0.1 Tunnel0
R2#sh ip ospf neighbor
Neighbor ID Pri State Dead Time Address Interface
172.16.0.1 1 EXSTART/DR 00:00:39 172.16.0.1 Tunnel0
R2#sh ip ospf neighbor
Neighbor ID Pri State Dead Time Address Interface
172.16.0.1 1 EXSTART/DR 00:00:39 172.16.0.1 Tunnel0
R2#sh ip ospf neighbor
Neighbor ID Pri State Dead Time Address Interface
172.16.0.1 1 EXSTART/DR 00:00:38 172.16.0.1 Tunnel0
R2#sh ip ospf neighbor
Neighbor ID Pri State Dead Time Address Interface
172.16.0.1 1 EXSTART/DR 00:00:37 172.16.0.1 Tunnel0
R2#sh ip ospf neighbor
Neighbor ID Pri State Dead Time Address Interface
172.16.0.1 1 EXSTART/DR 00:00:36 172.16.0.1 Tunnel0
R2#sh ipse
R2#sh ip i
*Apr 30 06:55:42.979: %OSPF-5-ADJCHG: Process 1, Nbr 172.16.0.1 on Tunnel0 from EXSTART to DOWN, Neighbor Down: Too many retransmissions
R2#sh ip ipse
R2#sh ip ipsec
R2#sh ipse
R2#sh ipse
R2#sh ipse
R2#sh cry
R2#sh crypto ip
R2#sh crypto ipsec sa
interface: Tunnel0
Crypto map tag: Tunnel0-head-0, local addr 200.0.0.2
protected vrf: (none)
local ident (addr/mask/prot/port): (200.0.0.2/255.255.255.255/47/0)
remote ident (addr/mask/prot/port): (100.0.0.1/255.255.255.255/47/0)
current_peer 100.0.0.1 port 500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 45, #pkts encrypt: 45, #pkts digest: 45
#pkts decaps: 44, #pkts decrypt: 44, #pkts verify: 44
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0
local crypto endpt.: 200.0.0.2, remote crypto endpt.: 100.0.0.1
plaintext mtu 1442, path mtu 1472, ip mtu 1472, ip mtu idb Tunnel0
current outbound spi: 0xCD11C1FD(3440493053)
PFS (Y/N): N, DH group: none
inbound esp sas:
spi: 0x8D00840B(2365621259)
transform: esp-3des esp-md5-hmac ,
in use settings ={Transport, }
conn id: 1, flow_id: SW:1, sibling_flags 80004000, crypto map: Tunnel0-head-0
sa timing: remaining key lifetime (k/sec): (4608000/3449)
IV size: 8 bytes
replay detection support: Y
Status: ACTIVE(ACTIVE)
spi: 0x2F470E3D(793185853)
transform: esp-3des esp-md5-hmac ,
in use settings ={Transport, }
conn id: 3, flow_id: SW:3, sibling_flags 80000000, crypto map: Tunnel0-head-0
sa timing: remaining key lifetime (k/sec): (4193753/3449)
IV size: 8 bytes
replay detection support: Y
Status: ACTIVE(ACTIVE)
inbound ah sas:
inbound pcp sas:
outbound esp sas:
spi: 0x43219BBB(1126276027)
transform: esp-3des esp-md5-hmac ,
in use settings ={Transport, }
conn id: 2, flow_id: SW:2, sibling_flags 80004000, crypto map: Tunnel0-head-0
sa timing: remaining key lifetime (k/sec): (4608000/3449)
IV size: 8 bytes
replay detection support: Y
Status: ACTIVE(ACTIVE)
spi: 0xCD11C1FD(3440493053)
transform: esp-3des esp-md5-hmac ,
in use settings ={Transport, }
conn id: 4, flow_id: SW:4, sibling_flags 80000000, crypto map: Tunnel0-head-0
sa timing: remaining key lifetime (k/sec): (4193753/3449)
IV size: 8 bytes
replay detection support: Y
Status: ACTIVE(ACTIVE)
outbound ah sas:
outbound pcp sas:
R2#
*Apr 30 06:56:42.979: %OSPF-5-ADJCHG: Process 1, Nbr 172.16.0.1 on Tunnel0 from DOWN to DOWN, Neighbor Down: Ignore timer expired
R2#sh crypto ipsec sa
interface: Tunnel0
Crypto map tag: Tunnel0-head-0, local addr 200.0.0.2
protected vrf: (none)
local ident (addr/mask/prot/port): (200.0.0.2/255.255.255.255/47/0)
remote ident (addr/mask/prot/port): (100.0.0.1/255.255.255.255/47/0)
current_peer 100.0.0.1 port 500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 56, #pkts encrypt: 56, #pkts digest: 56
#pkts decaps: 54, #pkts decrypt: 54, #pkts verify: 54
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0
local crypto endpt.: 200.0.0.2, remote crypto endpt.: 100.0.0.1
plaintext mtu 1442, path mtu 1472, ip mtu 1472, ip mtu idb Tunnel0
current outbound spi: 0xCD11C1FD(3440493053)
PFS (Y/N): N, DH group: none
inbound esp sas:
spi: 0x8D00840B(2365621259)
R2#ping 172.16.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/18/27 ms
R2#sh run | s tun0
R2#sh run tun0
^
% Invalid input detected at '^' marker.
R2#sh run int tun0
Building configuration...
Current configuration : 351 bytes
!
interface Tunnel0
ip address 172.16.0.2 255.255.255.0
no ip redirects
ip nhrp map 172.16.0.1 100.0.0.1
ip nhrp map multicast 100.0.0.1
ip nhrp network-id 100
ip nhrp nhs 172.16.0.1
ip ospf network broadcast
ip ospf priority 0
tunnel source Dialer1
tunnel mode gre multipoint
tunnel key 10
tunnel protection ipsec profile PRO-DMVPN1
end
R2#sh ip proto
*** IP Routing is NSF aware ***
Routing Protocol is "application"
Sending updates every 0 seconds
Invalid after 0 seconds, hold down 0, flushed after 0
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Maximum path: 32
Routing for Networks:
Routing Information Sources:
Gateway Distance Last Update
Distance: (default is 4)
Routing Protocol is "nhrp"
Maximum path: 32
Routing Information Sources:
Gateway Distance Last Update
Distance: (default is 250)
Routing Protocol is "ospf 1"
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Router ID 172.16.0.2
Number of areas in this router is 1. 1 normal 0 stub 0 nssa
Maximum path: 4
Routing for Networks:
10.200.0.2 0.0.0.0 area 0
172.16.0.2 0.0.0.0 area 0
Routing Information Sources:
Gateway Distance Last Update
Distance: (default is 110)
R2#sh ip int brief
Interface IP-Address OK? Method Status Protocol
GigabitEthernet0/0 10.200.0.2 YES NVRAM up up
GigabitEthernet0/1 unassigned YES NVRAM up up
GigabitEthernet0/2 unassigned YES NVRAM administratively down down
GigabitEthernet0/3 unassigned YES NVRAM administratively down down
Dialer1 200.0.0.2 YES TFTP up up
Loopback0 200.0.0.2 YES manual up up
Tunnel0 172.16.0.2 YES manual up up
Virtual-Access1 unassigned YES unset up up
Virtual-Access2 unassigned YES unset up up
R2#sh ip int tun0 | i Internet
Internet address is 172.16.0.2/24
R2#sh ip int tun0 | i M
*Apr 30 07:02:01.972: %OSPF-5-ADJCHG: Process 1, Nbr 172.16.0.1 on Tunnel0 from EXSTART to DOWN, Neighbor Down: Too many retransmissions
R2#sh ip int tun0 | i MTU
MTU is 1472 bytes
R2#sh ip ospf neigh detai
R2#sh ip ospf neigh detail
Neighbor 172.16.0.1, interface address 172.16.0.1
In the area 0 via interface Tunnel0
Neighbor priority is 1, State is DOWN, 7 state changes
Neighbor ignored, reenable in 00:00:24
DR is 0.0.0.0 BDR is 0.0.0.0
Options is 0x12 in Hello (E-bit, L-bit)
LLS Options is 0x1 (LR)
Index 0/0/0, retransmission queue length 0, number of retransmission 0
First 0x0(0)/0x0(0)/0x0(0) Next 0x0(0)/0x0(0)/0x0(0)
Last retransmission scan length is 0, maximum is 0
Last retransmission scan time is 0 msec, maximum is 0 msec
R2#
*Apr 30 07:03:01.973: %OSPF-5-ADJCHG: Process 1, Nbr 172.16.0.1 on Tunnel0 from DOWN to DOWN, Neighbor Down: Ignore timer expired
R2#cofn t
^
% Invalid input detected at '^' marker.
R2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#int tun0
R2(config-if)#ip mt
R2(config-if)#ip mtu 1368
*Apr 30 07:05:09.284: %OSPF-5-ADJCHG: Process 1, Nbr 172.16.0.1 on Tunnel0 from EXSTART to DOWN, Neighbor Down: Too many retransmissions
R2(config-if)#ip mtu 1368
R2(config-if)#do sh ip ospf neigh
Neighbor ID Pri State Dead Time Address Interface
172.16.0.1 1 DOWN/DROTHER - 172.16.0.1 Tunnel0
R2(config-if)#do sh ip ospf neigh
Neighbor ID Pri State Dead Time Address Interface
172.16.0.1 1 DOWN/DROTHER - 172.16.0.1 Tunnel0
R2(config-if)#do sh ip ospf neigh
Neighbor ID Pri State Dead Time Address Interface
172.16.0.1 1 DOWN/DROTHER - 172.16.0.1 Tunnel0
R2(config-if)#do sh ip ospf neigh
Neighbor ID Pri State Dead Time Address Interface
172.16.0.1 1 DOWN/DROTHER - 172.16.0.1 Tunnel0
R2(config-if)#do sh ip int | i MTU
MTU is 1500 bytes
MTU is 1454 bytes
MTU is 1514 bytes
MTU is 1368 bytes
R2(config-if)#do sh ip int tun0 | i MTU
MTU is 1368 bytes
R2(config-if)#
*Apr 30 07:06:09.284: %OSPF-5-ADJCHG: Process 1, Nbr 172.16.0.1 on Tunnel0 from DOWN to DOWN, Neighbor Down: Ignore timer expired
*Apr 30 07:06:09.676: %OSPF-5-ADJCHG: Process 1, Nbr 172.16.0.1 on Tunnel0 from LOADING to FULL, Loading Done
R2(config-if)#^Z
R2#sh ip
*Apr 30 07:06:13.859: %SYS-5-CONFIG_I: Configured from console by console
R2#sh ip ro ospf
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is 0.0.0.0 to network 0.0.0.0
10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
O 10.100.0.0/24 [110/1001] via 172.16.0.1, 00:00:02, Tunnel0
R2#ping 10.100.0.101
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.100.0.101, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/15/23 ms
R2#
R6#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R6(config)#cry
R6(config)#crypto isak
R6(config)#crypto isakmp po
R6(config)#crypto isakmp policy 1
R6(config-isakmp)#enc
R6(config-isakmp)#encryption 3de
R6(config-isakmp)#encryption 3des
R6(config-isakmp)#ha
R6(config-isakmp)#hash md
R6(config-isakmp)#hash md5
R6(config-isakmp)#auth
R6(config-isakmp)#authentication pre
R6(config-isakmp)#authentication pre-share
R6(config-isakmp)#gr
R6(config-isakmp)#group 2
R6(config-isakmp)#cry
R6(config-isakmp)#exit
R6(config)#crypto
R6(config)#crypto isak
R6(config)#crypto isakmp ke
R6(config)#crypto isakmp key cisco add
R6(config)#crypto isakmp key cisco address 0.0.0.0
R6(config)#crypto
R6(config)#crypto isakm
R6(config)#crypto isakmp kee
R6(config)#crypto isakmp keepalive 30
R6(config)#crypt
R6(config)#crypto ipse
R6(config)#crypto ipsec tran
R6(config)#crypto ipsec transform-set TS-IPSEC1 esp
R6(config)#crypto ipsec transform-set TS-IPSEC1 esp-3de
R6(config)#crypto ipsec transform-set TS-IPSEC1 esp-3des esp-md
R6(config)#crypto ipsec transform-set TS-IPSEC1 esp-3des esp-md5-hmac
R6(cfg-crypto-trans)#mod
R6(cfg-crypto-trans)#mode tra
R6(cfg-crypto-trans)#mode transport
R6(cfg-crypto-trans)#cry
R6(cfg-crypto-trans)#cryp
R6(cfg-crypto-trans)#exit
R6(config)#cryp
R6(config)#crypto ipse
R6(config)#crypto ipsec pro
R6(config)#crypto ipsec profile PRO-DMVPN1
R6(ipsec-profile)#set tra
R6(ipsec-profile)#set transform-set TS-IPSEC1
R6(ipsec-profile)#int tun0
R6(config-if)#
*Apr 30 07:32:49.891: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to down
R6(config-if)#ip add
R6(config-if)#ip address 172.16.0.6 255.255.255.0
R6(config-if)#tunn
R6(config-if)#tunnel sour
R6(config-if)#tunnel source Dia
R6(config-if)#tunnel source Dialer 1
R6(config-if)#tunn
R6(config-if)#tunnel mod
R6(config-if)#tunnel mode gr
R6(config-if)#tunnel mode gre mu
R6(config-if)#tunnel mode gre multipoint
R6(config-if)#tunn
R6(config-if)#tunnel ke
R6(config-if)#tunnel key 10
R6(config-if)#tunn
R6(config-if)#tunnel p
R6(config-if)#tunnel pro
R6(config-if)#tunnel protection ipse
R6(config-if)#tunnel protection ipsec pro
R6(config-if)#tunnel protection ipsec profile PRO-DMVPN1
R6(config-if)#ip nh
R6(config-if)#ip nhrp netwo
R6(config-if)#ip nhrp network-id 100
R6(config-if)#ip nh
R6(config-if)#ip nhrp nhs 172.16.0.1
R6(config-if)#ip nh
R6(config-if)#ip nhrp map 172.16.0.1 100.0.0.1
R6(config-if)#ip nhrp map mul
R6(config-if)#ip nhrp map multicast 100.0.0.1
R6(config-if)#ip osp
R6(config-if)#ip ospf netwo
R6(config-if)#ip ospf network bro
R6(config-if)#ip ospf network broadcast
R6(config-if)#ip os
R6(config-if)#ip ospf pri
R6(config-if)#ip ospf priority o
R6(config-if)#ip ospf priority 0
R6(config-if)#router ospf 1
R6(config-router)#netwo
R6(config-router)#network 172.16.0.6 0.0.0.0 area 0
R6(config-router)#net
R6(config-router)#network 10.6.0.6 0.0.0.0 area 0
R6(config-router)#int lo0
R6(config-if)#ip
*Apr 30 07:48:55.542: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback0, changed state to upa
R6(config-if)#ip add
R6(config-if)#ip address 106.0.0.6 255.255.255.255
R6(config-if)#int gig0/1
R6(config-if)#no ip add
R6(config-if)#no ip address
R6(config-if)#pppoe enabl
R6(config-if)#pppoe enable
R6(config-if)#pppoe
*Apr 30 07:50:22.401: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access1, changed state to up
R6(config-if)#pppoe-
*Apr 30 07:50:22.404: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to up
R6(config-if)#pppoe-clie
R6(config-if)#pppoe-client dia
R6(config-if)#pppoe-client dial-pool-number 1
R6(config-if)#int gig0/0
R6(config-if)#ip addre
R6(config-if)#ip address 10.6.0.6 255.255.255.0
R6(config-if)#ip tcp ad
R6(config-if)#ip tcp adjust-mss 1328
R6(config-if)#int tun0
R6(config-if)#ip mt
R6(config-if)#ip mtu 1368
R6(config-if)#int gig0/0
R6(config-if)#int dia 1
R6(config-if)#ip unnu
R6(config-if)#ip unnumbered Lo
R6(config-if)#ip unnumbered Loo
R6(config-if)#ip unnumbered Loopback 0
R6(config-if)#ip
*Apr 30 07:53:12.605: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to up
R6(config-if)#ip mt
R6(config-if)#ip mtu
*Apr 30 07:53:12.668: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is ON
R6(config-if)#ip mtu 1454
R6(config-if)#enca
R6(config-if)#encapsulation ppp
R6(config-if)#dial
R6(config-if)#dialer po
R6(config-if)#dialer pool 1
R6(config-if)#dia
R6(config-if)#dialer-g
R6(config-if)#dialer-group
*Apr 30 07:53:26.348: %DIALER-6-BIND: Interface Vi2 bound to profile Di1
*Apr 30 07:53:26.353: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to up
*Apr 30 07:53:28.231: %DIALER-6-UNBIND: Interface Vi2 unbound from profile Di1
R6(config-if)#dialer-group
*Apr 30 07:53:28.247: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to down
R6(config-if)#dialer-group 1
R6(config-if)#ppp auth
R6(config-if)#ppp authe
R6(config-if)#ppp authentication chap calli
R6(config-if)#ppp authentication chap callin
R6(config-if)#ppp chap hostnae
R6(config-if)#ppp chap hostna
R6(config-if)#ppp chap hostname ccie@
*Apr 30 07:53:50.543: %DIALER-6-BIND: Interface Vi2 bound to profile Di1
*Apr 30 07:53:50.547: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to up
*Apr 30 07:53:50.640: %DIALER-6-UNBIND: Interface Vi2 unbound from profile Di1
R6(config-if)#ppp chap hostname ccie@isp3
*Apr 30 07:53:50.655: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to down
R6(config-if)#ppp chap hostname ccie@isp3.pg1x.net
R6(config-if)#ppp chap
R6(config-if)#ppp chap pass
R6(config-if)#ppp chap password cc13
R6(config-if)#exit
R6(config)#ip route 0.0.0.0 0.0.0.0
*Apr 30 07:54:12.886: %DIALER-6-BIND: Interface Vi2 bound to profile Di1 D
R6(config)#ip route 0.0.0.0 0.0.0.0 Dia
R6(config)#ip route 0.0.0.0 0.0.0.0 Dialer
*Apr 30 07:54:12.889: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to up
*Apr 30 07:54:13.434: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access2, changed state to up
R6(config)#ip route 0.0.0.0 0.0.0.0 Dialer 1
R6(config)#dia
R6(config)#dialer-li
R6(config)#dialer-list 1
*Apr 30 07:54:19.670: %OSPF-5-ADJCHG: Process 1, Nbr 172.16.0.1 on Tunnel0 from LOADING to FULL, Loading Done
R6(config)#dialer-list 1 pro
R6(config)#dialer-list 1 protocol ip
R6(config)#dialer-list 1 protocol ip per
R6(config)#dialer-list 1 protocol ip permit
R6(config)#^Z
R6#sh ip
*Apr 30 07:54:25.651: %SYS-5-CONFIG_I: Configured from console by console
R6#sh ip ro ospf
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is 0.0.0.0 to network 0.0.0.0
10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
O 10.100.0.0/24 [110/1001] via 172.16.0.1, 00:00:04, Tunnel0
O 10.200.0.0/24 [110/1001] via 172.16.0.2, 00:00:04, Tunnel0
R6#ping 172.16.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 14/17/24 ms
R6#ping 172.16.0.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.0.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/36/53 ms
R6#ping 10.100.0.101
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.100.0.101, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 7/258/1005 ms
R6#ping 10.100.0.101
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.100.0.101, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 13/16/22 ms
R6#ping 10.200.0.202
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.200.0.202, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/15/20 ms
R6#sh ip ospf neigh
Neighbor ID Pri State Dead Time Address Interface
172.16.0.1 1 FULL/DR 00:00:39 172.16.0.1 Tunnel0
R6#ping 10.200.0.202 repeat 10000 Type escape sequence to abort. Sending 10000, 100-byte ICMP Echos to 10.200.0.202, timeout is 2 seconds: .!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!. Success rate is 99 percent (622/624), round-trip min/avg/max = 7/16/1018 ms R6#
References
tech/network/cisco/vpn/tunneling/dmvpn/dmvpn.txt · Last modified: 2019/04/30 17:02 by wnoguchi
