PG1X WIKI

My Knowledge Base


Cisco: DMVPN

Topology: mGRE + NHRP + OSPF

Preparation

Project name: ccna-vpn-gre-0003-gre-over-ipsec-1-n

Project name: ccna-vpn-dmvpn-0001-mgre+nhrp

  • R1
configure terminal
!
interface GigabitEthernet 0/1
no ip address
pppoe enable group global
pppoe-client dial-pool-number 10
exit
!
interface GigabitEthernet 0/0
ip tcp adjust-mss 1356
exit
!
interface Loopback 1
ip address 100.0.0.1 255.255.255.255
exit
!
interface Dialer 1
ip unnumbered Loopback 1
ip mtu 1454
encapsulation ppp
dialer pool 10
dialer-group 20
ppp authentication chap callin
ppp chap hostname ccie@example.com
ppp chap password cc13
no shutdown
exit
!
ip route 0.0.0.0 0.0.0.0 Dialer 1
!
dialer-list 20 protocol ip permit
!
end
  • R2
configure terminal
!
interface GigabitEthernet 0/1
no ip address
pppoe enable group global
pppoe-client dial-pool-number 10
exit
!
interface GigabitEthernet 0/0
ip tcp adjust-mss 1356
exit
!
interface Loopback 1
ip address 200.0.0.2 255.255.255.255
exit
!
interface Dialer 1
ip unnumbered Loopback 1
ip mtu 1454
encapsulation ppp
dialer pool 10
dialer-group 20
ppp authentication chap callin
ppp chap hostname ccie@example.com
ppp chap password cc13
no shutdown
exit
!
ip route 0.0.0.0 0.0.0.0 Dialer 1
!
dialer-list 20 protocol ip permit
!
end
  • R6
configure terminal
!
interface GigabitEthernet 0/1
no ip address
pppoe enable group global
pppoe-client dial-pool-number 10
exit
!
interface GigabitEthernet 0/0
ip tcp adjust-mss 1356
exit
!
interface Loopback 1
ip address 106.0.0.6 255.255.255.255
exit
!
interface Dialer 1
ip unnumbered Loopback 1
ip mtu 1454
encapsulation ppp
dialer pool 10
dialer-group 20
ppp authentication chap callin
ppp chap hostname ccie@isp3.pg1x.net
ppp chap password cc13
no shutdown
exit
!
ip route 0.0.0.0 0.0.0.0 Dialer 1
!
dialer-list 20 protocol ip permit
!
end

Configure

  • R1(NHS, Hub)
configure terminal
!
interface tunnel0
 ip address 172.16.0.1 255.255.255.0
 tunnel source 100.0.0.1
 tunnel mode gre multipoint
 !
 ip nhrp network-id 100
 ip nhrp map multicast dynamic
 !
 ip ospf network broadcast
exit
!
router ospf 1
 network 172.16.0.1 0.0.0.0 area 0
 network 10.100.0.1 0.0.0.0 area 0
exit
!
end
  • R2(NHC, Spoke)
configure terminal
!
interface tunnel0
 ip address 172.16.0.2 255.255.255.0
 tunnel source 200.0.0.2
 tunnel mode gre multipoint
 !
 ip nhrp network-id 100
 ip nhrp nhs 172.16.0.1
 ip nhrp map 172.16.0.1 100.0.0.1
 ip nhrp map multicast 100.0.0.1
 !
 ip ospf network broadcast
 ip ospf priority 0
exit
!
router ospf 1
 network 172.16.0.2 0.0.0.0 area 0
 network 10.200.0.2 0.0.0.0 area 0
exit
!
end
  • R6(NHC, Spoke)
configure terminal
!
interface tunnel0
 ip address 172.16.0.6 255.255.255.0
 tunnel source 106.0.0.6
 tunnel mode gre multipoint
 !
 ip nhrp network-id 100
 ip nhrp nhs 172.16.0.1
 ip nhrp map 172.16.0.1 100.0.0.1
 ip nhrp map multicast 100.0.0.1
 !
 ip ospf network broadcast
 ip ospf priority 0
exit
!
router ospf 1
 network 172.16.0.6 0.0.0.0 area 0
 network 10.6.0.6 0.0.0.0 area 0
exit
!
end

Topology: DMVPN + OSPF

mGRE + NHRP + IPsec + OSPF

Note: the IP addresses in the figure are incorrect.

Preparation

Project name: ccna-vpn-gre-0003-gre-over-ipsec-1-n

Project name: ccna-vpn-dmvpn-0001-mgre+nhrp

  • R1
configure terminal
!
interface GigabitEthernet 0/1
no ip address
pppoe enable group global
pppoe-client dial-pool-number 10
exit
!
interface GigabitEthernet 0/0
ip tcp adjust-mss 1356
exit
!
interface Loopback 1
ip address 100.0.0.1 255.255.255.255
exit
!
interface Dialer 1
ip unnumbered Loopback 1
ip mtu 1454
encapsulation ppp
dialer pool 10
dialer-group 20
ppp authentication chap callin
ppp chap hostname ccie@example.com
ppp chap password cc13
no shutdown
exit
!
ip route 0.0.0.0 0.0.0.0 Dialer 1
!
dialer-list 20 protocol ip permit
!
end
  • R2
configure terminal
!
interface GigabitEthernet 0/1
no ip address
pppoe enable group global
pppoe-client dial-pool-number 10
exit
!
interface GigabitEthernet 0/0
ip tcp adjust-mss 1356
exit
!
interface Loopback 1
ip address 200.0.0.2 255.255.255.255
exit
!
interface Dialer 1
ip unnumbered Loopback 1
ip mtu 1454
encapsulation ppp
dialer pool 10
dialer-group 20
ppp authentication chap callin
ppp chap hostname ccie@example.com
ppp chap password cc13
no shutdown
exit
!
ip route 0.0.0.0 0.0.0.0 Dialer 1
!
dialer-list 20 protocol ip permit
!
end
  • R6
configure terminal
!
interface GigabitEthernet 0/1
no ip address
pppoe enable group global
pppoe-client dial-pool-number 10
exit
!
interface GigabitEthernet 0/0
ip tcp adjust-mss 1356
exit
!
interface Loopback 1
ip address 106.0.0.6 255.255.255.255
exit
!
interface Dialer 1
ip unnumbered Loopback 1
ip mtu 1454
encapsulation ppp
dialer pool 10
dialer-group 20
ppp authentication chap callin
ppp chap hostname ccie@isp3.pg1x.net
ppp chap password cc13
no shutdown
exit
!
ip route 0.0.0.0 0.0.0.0 Dialer 1
!
dialer-list 20 protocol ip permit
!
end

Configuration

R1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)#cry
R1(config)#crypto isakm
R1(config)#crypto isakmp po
R1(config)#crypto isakmp policy 1
R1(config-isakmp)#er
R1(config-isakmp)#enc
R1(config-isakmp)#encryption 3de
R1(config-isakmp)#encryption 3des 
*Apr 30 05:20:01.738: %PLATFORM-5-SIGNATURE_VERIFIED: Image 'flash0:/vios-adventerprisek9-m' passed code signing verification
R1(config-isakmp)#encryption 3des 
R1(config-isakmp)#ha
R1(config-isakmp)#hash md
R1(config-isakmp)#hash md5 
R1(config-isakmp)#auth
R1(config-isakmp)#authentication pre
R1(config-isakmp)#authentication pre-share 
R1(config-isakmp)#gr
R1(config-isakmp)#group 2
R1(config-isakmp)#cr
R1(config-isakmp)#cry
R1(config-isakmp)#cryp
R1(config-isakmp)#exit
R1(config)#cry
R1(config)#crypto isak
R1(config)#crypto isakmp ke
R1(config)#crypto isakmp kecis
R1(config)#crypto isakmp key  
R1(config)#crypto isakmp key cis
R1(config)#crypto isakmp key cisco address 0.0.0.0
R1(config)#cry
R1(config)#crypto isakm
R1(config)#crypto isakmp kee
R1(config)#crypto isakmp keepalive 30
R1(config)#cry
R1(config)#crypto ipse
R1(config)#crypto ipsec trans
R1(config)#crypto ipsec transform-set TS-IPSEC1 esp-3des esp
R1(config)#crypto ipsec transform-set TS-IPSEC1 esp-3des esp-md
R1(config)#crypto ipsec transform-set TS-IPSEC1 esp-3des esp-md5-hmac 
R1(cfg-crypto-trans)#mod
R1(cfg-crypto-trans)#mode trans
R1(cfg-crypto-trans)#mode transport 
R1(cfg-crypto-trans)#exit
R1(config)#cry
R1(config)#crypto ip
R1(config)#crypto ipsec pro
R1(config)#crypto ipsec profile PRO-DMVPN1
R1(ipsec-profile)#set tra
R1(ipsec-profile)#set transform-set TS-IPSEC1
R1(ipsec-profile)#exit
R1(config)#int tun0
R1(config-if)#
*Apr 30 05:21:41.298: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to down
R1(config-if)#exit
R1(config)#interface GigabitEthernet 0/1
R1(config-if)#no ip address
R1(config-if)#pppoe enable group global
R1(config-if)#pppoe-client dial-pool-number 10
R1(config-if)#exit
R1(config)#!
R1(config)#interface GigabitEthernet 0/0
R1(config-if)#ip tcp adjust-mss 1356
R1(config-if)#exit
R1(config)#!
R1(config)#interface Loopback 1
R1(config-if)#ip address 100.0.0.1 255.255.255.255
R1(config-if)#exit
R1(config)#
*Apr 30 05:22:19.367: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access1, changed state to up!
R1(config)#interface Dialer 1
R1(config-if)#ip unnumbered Loopback 1
R1(config-if)#ip mtu 1454
R1(config-if)#encapsulation ppp
R1(config-if)#dialer pool 10
R1(config-if)#dialer-group 20
R1(config-if)#ppp authentication chap callin
R1(config-if)#ppp chap hostname ccie@example.com
R1(config-if)#ppp chap password cc13
R1(config-if)#no shutdown
R1(config-if)#exit
R1(config)#!
R1(config)#ip route 0.0.0.0 0.0.0.0 Dialer 1
R1(config)#!
R1(config)#dialer-list 20 protocol ip permit
R1(config)#
*Apr 30 05:22:19.374: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to up
R1(config)#
*Apr 30 05:22:20.608: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback1, changed state to up
R1(config)#
*Apr 30 05:22:23.907: %DIALER-6-BIND: Interface Vi2 bound to profile Di1
*Apr 30 05:22:23.913: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to up
R1(config)#
*Apr 30 05:22:27.578: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access2, changed state to up
R1(config)#int tun0
R1(config-if)#ip add
R1(config-if)#ip address 172.16.0.1 255.255.255.0
R1(config-if)#tunn
R1(config-if)#tunnel sou
R1(config-if)#tunnel source 100.0.0.1
R1(config-if)#tunn
R1(config-if)#tunnel mo
R1(config-if)#tunnel mode gr
R1(config-if)#tunnel mode gre mu
R1(config-if)#tunnel mode gre multipoint 
R1(config-if)#
*Apr 30 05:23:40.321: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to up
R1(config-if)#tunn
R1(config-if)#tunnel ke
R1(config-if)#tunnel key ?
  <0-4294967295>  key

R1(config-if)#tunnel key 10
R1(config-if)#tunn
R1(config-if)#tunnel p
R1(config-if)#tunnel pr
R1(config-if)#tunnel protection ?
  ipsec  Use ipsec to protect this tunnel interface

R1(config-if)#tunnel protection ipse
R1(config-if)#tunnel protection ipsec pro
R1(config-if)#tunnel protection ipsec profile PRO-DMVPN1
R1(config-if)#ip
*Apr 30 05:24:06.952: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is ON
R1(config-if)#ip nhr
R1(config-if)#ip nhrp netwo
R1(config-if)#ip nhrp network-id 100
R1(config-if)#ip nhr
R1(config-if)#ip nhrp ma
R1(config-if)#ip nhrp map mul
R1(config-if)#ip nhrp map multicast dyn
R1(config-if)#ip nhrp map multicast dynamic 
R1(config-if)#ip os
R1(config-if)#ip ospf net
R1(config-if)#ip ospf network bro
R1(config-if)#ip ospf network broadcast 
R1(config-if)#router ospf 1
R1(config-router)#netwo
R1(config-router)#network 172.16.0.1 0.0.0.0 area 0
R1(config-router)#netow
R1(config-router)#netwo
R1(config-router)#network 10.100.0.1 0.0.0.0 area 0.0.0.0
R1(config-router)#
*Apr 30 05:29:36.515: %OSPF-5-ADJCHG: Process 1, Nbr 200.0.0.2 on Tunnel0 from LOADING to FULL, Loading Done
R1(config-router)#
*Apr 30 05:36:53.851: %OSPF-5-ADJCHG: Process 1, Nbr 106.0.0.6 on Tunnel0 from LOADING to FULL, Loading Done
R1(config-router)#
*Apr 30 05:37:23.294: %OSPF-5-ADJCHG: Process 1, Nbr 106.0.0.6 on Tunnel0 from LOADING to FULL, Loading Done
R2#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R2(config)#
*Apr 30 05:20:02.197: %PLATFORM-5-SIGNATURE_VERIFIED: Image 'flash0:/vios-adventerprisek9-m' passed code signing verification
R2(config)#interface GigabitEthernet 0/1
R2(config-if)#no ip address
R2(config-if)#pppoe enable group global
R2(config-if)#pppoe-client dial-pool-number 10
R2(config-if)#exit
R2(config)#!
R2(config)#interface GigabitEthernet 0/0
R2(config-if)#ip tcp adjust-mss 1356
R2(config-if)#exit
R2(config)#!
R2(config)#interface Loopback 1
R2(config-if)#ip address 200.0.0.2 255.255.255.255
*Apr 30 05:22:31.533: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access1, changed state to up
R2(config-if)#exit
R2(config)#!
R2(config)#interface Dialer 1
R2(config-if)#ip unnumbered Loopback 1
R2(config-if)#ip mtu 1454
R2(config-if)#encapsulation ppp
R2(config-if)#dialer pool 10
R2(config-if)#dialer-group 20
R2(config-if)#ppp authentication chap callin
R2(config-if)#ppp chap hostname ccie@example.com
R2(config-if)#ppp chap password cc13
R2(config-if)#no shutdown
R2(config-if)#exit
R2(config)#!
R2(config)#ip route 0.0.0.0 0.0.0.0 Dialer 1
R2(config)#!
R2(config)#dialer-list 20 protocol ip permit
R2(config)#
*Apr 30 05:22:31.540: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to up
R2(config)#
*Apr 30 05:22:32.746: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback1, changed state to up
R2(config)#
*Apr 30 05:22:35.920: %DIALER-6-BIND: Interface Vi2 bound to profile Di1
*Apr 30 05:22:35.925: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to up
R2(config)#
*Apr 30 05:22:39.598: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access2, changed state to up
R2(config)#cry
R2(config)#crypto isakm
R2(config)#crypto isakmp po
R2(config)#crypto isakmp policy 1
R2(config-isakmp)#enc
R2(config-isakmp)#encryption 3des 
R2(config-isakmp)#has
R2(config-isakmp)#hash md
R2(config-isakmp)#hash md5 
R2(config-isakmp)#aut
R2(config-isakmp)#authentication pre
R2(config-isakmp)#authentication pre-share 
R2(config-isakmp)#gor
R2(config-isakmp)#gr 
R2(config-isakmp)#group 2
R2(config-isakmp)#exit
R2(config)#cry
R2(config)#crypto isakm
R2(config)#crypto isakmp key
R2(config)#crypto isakmp key cisco address 0.0.0.0
R2(config)#cry
R2(config)#crypto isakm
R2(config)#crypto isakmp kee
R2(config)#crypto isakmp keepalive 30
R2(config)#cry
R2(config)#crypto ipse
R2(config)#crypto ipsec trans
R2(config)#crypto ipsec transform-set TS-IPSEC1 esp-3des esp-md5-hmac
R2(cfg-crypto-trans)#mode
R2(cfg-crypto-trans)#mode tra
R2(cfg-crypto-trans)#mode transport 
R2(cfg-crypto-trans)#exit
R2(config)#cry
R2(config)#crypto ipse
R2(config)#crypto ipsec pro
R2(config)#crypto ipsec profile PRO-DMVPN1
R2(ipsec-profile)#set tran
R2(ipsec-profile)#set transform-set TS-IPSEC1
R2(ipsec-profile)#int tun0
R2(config-if)#ip ad
*Apr 30 05:27:32.893: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to down
R2(config-if)#ip add
R2(config-if)#ip address 172.16.0.2 255.255.255.0
R2(config-if)#tun
R2(config-if)#tunnel so
R2(config-if)#tunnel source 200.0.0.2
R2(config-if)#tunn
R2(config-if)#tunnel mo
R2(config-if)#tunnel mode gr
R2(config-if)#tunnel mode gre mu
R2(config-if)#tunnel mode gre multipoint 
R2(config-if)#tunn
R2(config-if)#tunnel ke
R2(config-if)#tunnel key 10
R2(config-if)#tunn
R2(config-if)#tunnel p
R2(config-if)#tunnel pr
R2(config-if)#tunnel protection 
*Apr 30 05:28:01.916: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to up
R2(config-if)#tunnel protection ipse
R2(config-if)#tunnel protection ipsec pro
R2(config-if)#tunnel protection ipsec profile PRO-DMVPN1
R2(config-if)#
*Apr 30 05:28:15.230: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is ON
R2(config-if)#ip nhrp netwo
R2(config-if)#ip nhrp network-id 100
R2(config-if)#ip nhr
R2(config-if)#ip nhrp nhs 172.16.0.1
R2(config-if)#ip nhr
R2(config-if)#ip nhrp map 172.16.0.1 100.0.0.1
R2(config-if)#ip nh
R2(config-if)#ip nhrp ma
R2(config-if)#ip nhrp map
R2(config-if)#ip nhrp map mut
R2(config-if)#ip nhrp map mul,
R2(config-if)#ip nhrp map mul 
R2(config-if)#ip nhrp map multicast 100.0.0.1
R2(config-if)#ip os
R2(config-if)#ip ospf netwo
R2(config-if)#ip ospf network bro
R2(config-if)#ip ospf network broadcast 
R2(config-if)#ip osp
R2(config-if)#ip ospf pri
R2(config-if)#ip ospf priority 0
R2(config-if)#router ospf 1
R2(config-router)#netw  
R2(config-router)#network 172.16.0.2 0.0.0.0 area 0.0.0.0
R2(config-router)#netow
*Apr 30 05:29:38.381: %OSPF-5-ADJCHG: Process 1, Nbr 100.0.0.1 on Tunnel0 from LOADING to FULL, Loading Done
R2(config-router)#netwo
R2(config-router)#network 10.200.0.2 0.0.0.0 area 0
R2(config-router)#^Z 
R2#sh ip ro 
*Apr 30 05:30:05.235: %SYS-5-CONFIG_I: Configured from console by console
R2#sh ip ro ospf
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       a - application route
       + - replicated route, % - next hop override, p - overrides from PfR

Gateway of last resort is 0.0.0.0 to network 0.0.0.0

      10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
O        10.100.0.0/24 [110/1001] via 172.16.0.1, 00:00:25, Tunnel0
R2#ping 10.100.0.101
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.100.0.101, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 13/15/21 ms
R6#
R6#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R6(config)#
*Apr 30 05:20:04.198: %PLATFORM-5-SIGNATURE_VERIFIED: Image 'flash0:/vios-adventerprisek9-m' passed code signing verification
R6(config)#interface GigabitEthernet 0/1
R6(config-if)#no ip address
R6(config-if)#pppoe enable group global
R6(config-if)#pppoe-client dial-pool-number 10
R6(config-if)#exit
R6(config)#!
R6(config)#interface GigabitEthernet 0/0
R6(config-if)#ip tcp adjust-m
*Apr 30 05:22:45.571: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access1, changed state to upss 1356
R6(config-if)#exit
R6(config)#!
R6(config)#interface Loopback 1
R6(config-if)#ip address 106.0.0.6 255.255.255.255
R6(config-if)#exit
R6(config)#!
R6(config)#interface Dialer 1
R6(config-if)#ip unnumbered Loopback 1
R6(config-if)#ip mtu 1454
R6(config-if)#encapsulation ppp
R6(config-if)#dialer pool 10
R6(config-if)#dialer-group 20
R6(config-if)#ppp authentication chap callin
R6(config-if)#ppp chap hostname ccie@isp3.pg1x.net
R6(config-if)#ppp chap password cc13
R6(config-if)#no shutdown
R6(config-if)#exit
R6(config)#!
R6(config)#ip route 0.0.0.0 0.0.0.0 Dialer 1
R6(config)#!
R6(config)#dialer-list 20 protocol ip permit
R6(config)#
*Apr 30 05:22:45.578: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to up
R6(config)#
*Apr 30 05:22:46.852: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback1, changed state to up
R6(config)#
*Apr 30 05:22:50.065: %DIALER-6-BIND: Interface Vi2 bound to profile Di1
*Apr 30 05:22:50.071: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to up
R6(config)#
*Apr 30 05:22:54.135: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access2, changed state to up
R6(config)#cry
R6(config)#crypto i
R6(config)#crypto isa
R6(config)#crypto isakmp poli
R6(config)#crypto isakmp policy 1
R6(config-isakmp)#ecn 
R6(config-isakmp)#enc 
R6(config-isakmp)#en         
R6(config-isakmp)#e          
R6(config-isakmp)#e
R6(config-isakmp)#e
R6(config-isakmp)#e
R6(config-isakmp)#en
R6(config-isakmp)#encryption 3de
R6(config-isakmp)#encryption 3des 
R6(config-isakmp)#ha
R6(config-isakmp)#hash md
R6(config-isakmp)#hash md5 
R6(config-isakmp)#aut
R6(config-isakmp)#authentication pre
R6(config-isakmp)#authentication pre-share 
R6(config-isakmp)#gro
R6(config-isakmp)#group 2
R6(config-isakmp)#cry
R6(config-isakmp)#exit
R6(config)#cry
R6(config)#crypto isak
R6(config)#crypto isakmp ke
R6(config)#crypto isakmp key
R6(config)#crypto isakmp key cis
R6(config)#crypto isakmp key cisc
R6(config)#crypto isakmp key cisco addre
R6(config)#crypto isakmp key cisco address ?
  A.B.C.D  Peer IP address
  ipv6     define shared key with IPv6 address

R6(config)#crypto isakmp key cisco address 0.0.0.0
R6(config)#cry
R6(config)#crypto i
R6(config)#crypto isa
R6(config)#crypto isakmp kee
R6(config)#crypto isakmp keepalive 30
R6(config)#cry
R6(config)#crypto ipse
R6(config)#crypto ipsec tra
R6(config)#crypto ipsec transform-set TS-IPSEC1 es
R6(config)#crypto ipsec transform-set TS-IPSEC1 esp-3
R6(config)#crypto ipsec transform-set TS-IPSEC1 esp-3des es
R6(config)#crypto ipsec transform-set TS-IPSEC1 esp-3des esp-md
R6(config)#crypto ipsec transform-set TS-IPSEC1 esp-3des esp-md5-hmac 
R6(cfg-crypto-trans)#mod
R6(cfg-crypto-trans)#mode tra
R6(cfg-crypto-trans)#mode transport 
R6(cfg-crypto-trans)#exit
R6(config)#cry
R6(config)#crypto ip
R6(config)#crypto ipsec pro
R6(config)#crypto ipsec profile PRO-DMVPN1
R6(ipsec-profile)#set tra
R6(ipsec-profile)#set transform-set TS-IPSEC1
R6(ipsec-profile)#int tun0
R6(config-if)#ip add
R6(config-if)#ip address 
*Apr 30 05:32:56.786: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to down
R6(config-if)#ip address 172.16.0.6 255.255.255.0
R6(config-if)#tunn
R6(config-if)#tunnel so
R6(config-if)#tunnel source 106.0.0.6
R6(config-if)#tunn
R6(config-if)#tunnel m
R6(config-if)#tunnel mo
R6(config-if)#tunnel mode gr
R6(config-if)#tunnel mode gre mu
R6(config-if)#tunnel mode gre multipoint 
R6(config-if)#tunn
R6(config-if)#tunnel ke
R6(config-if)#tunnel key 10
R6(config-if)#tunn
R6(config-if)#tunnel pro
R6(config-if)#tunnel protection 
*Apr 30 05:35:45.806: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to up
R6(config-if)#tunnel protection ipse
R6(config-if)#tunnel protection ipsec pro
R6(config-if)#tunnel protection ipsec profile PRO-DMVPN1
R6(config-if)#ip nh
R6(config-if)#ip nhrp 
*Apr 30 05:35:54.517: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is ON
R6(config-if)#ip nhrp netwo
R6(config-if)#ip nhrp network-id 100
R6(config-if)#ip nh
R6(config-if)#ip nhrp nhs 172.16.0.1
R6(config-if)#ip nhr
R6(config-if)#ip nhrp map 172.16.0.1 100.0.0.1
R6(config-if)#ip nh
R6(config-if)#ip nhrp map
R6(config-if)#ip nhrp map mul
R6(config-if)#ip nhrp map multicast 100.0.0.1
R6(config-if)#ip os
R6(config-if)#ip ospf pri
R6(config-if)#ip ospf priority 0
R6(config-if)#rou
R6(config-if)#router ospf 1
R6(config-router)#netwo
R6(config-router)#network 172.16.0.6 0.0.0.0 area 0
R6(config-router)#net
*Apr 30 05:36:55.188: %OSPF-4-NET_TYPE_MISMATCH: Received Hello from 100.0.0.1 on Tunnel0 indicating a  potential 
             network type mismatch
R6(config-router)#netwo
R6(config-router)#network 
*Apr 30 05:36:55.267: %OSPF-5-ADJCHG: Process 1, Nbr 100.0.0.1 on Tunnel0 from LOADING to FULL, Loading Done
R6(config-router)#int tun0
R6(config-if)#ip os
R6(config-if)#ip ospf netwo
R6(config-if)#ip ospf network bro
R6(config-if)#ip ospf network broadcast 
R6(config-if)#
*Apr 30 05:37:24.595: %OSPF-5-ADJCHG: Process 1, Nbr 100.0.0.1 on Tunnel0 from FULL to DOWN, Neighbor Down: Interface down or detached
*Apr 30 05:37:24.689: %OSPF-5-ADJCHG: Process 1, Nbr 100.0.0.1 on Tunnel0 from LOADING to FULL, Loading Done
R6(config-if)#router ospf 1
R6(config-router)#netwo
R6(config-router)#knetwonetwork 172.16.0.6
R6(config-router)#netwo                   
R6(config-router)#network 10.6.0.6 0.0.0.0 area
R6(config-router)#network 10.6.0.6 0.0.0.0 area 0
R6(config-router)#^Z
R6#sh ip 
*Apr 30 05:38:09.275: %SYS-5-CONFIG_I: Configured from console by console
R6#sh ip ro ospf
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       a - application route
       + - replicated route, % - next hop override, p - overrides from PfR

Gateway of last resort is 0.0.0.0 to network 0.0.0.0

      10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
O        10.100.0.0/24 [110/1001] via 172.16.0.1, 00:00:43, Tunnel0
O        10.200.0.0/24 [110/1001] via 172.16.0.2, 00:00:43, Tunnel0
R6#ping 172.16.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/14/19 ms
R6#ping 172.16.0.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.0.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 40/54/79 ms
R6#ping 10.100.0.101
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.100.0.101, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 13/262/1010 ms
R6#ping 10.100.0.101
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.100.0.101, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/17/23 ms
R6#ping 10.200.0.202
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.200.0.202, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/16/24 ms
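
The session above configures IKE and IPsec with 3DES, MD5, DH group 2 and the pre-shared key `cisco` bound to the wildcard peer address 0.0.0.0. The following Python audit is an added example, not part of the original wiki page: `PAGE_CONFIG` is constructed from the commands typed above, while `HARDENED_CONFIG`, the rule names and the 20-character key threshold are assumptions for illustration (the hardened lines assume an IOS release that supports `sha256` and `group 14`).

```python
import re

# Weak-parameter rules for the IKEv1/IPsec commands used on this page.
# Each rule: (id, parent section prefix or None for a top-level command, regex, reason)
RULES = [
    ("IKE-ENC", "crypto isakmp policy", r"encr(?:yption)?\s+(?:des|3des)\b",
     "DES/3DES for IKE phase 1; use AES"),
    ("IKE-HASH", "crypto isakmp policy", r"hash\s+md5\b",
     "MD5 for IKE phase 1; use SHA-2"),
    ("IKE-DH", "crypto isakmp policy", r"group\s+(?:1|2|5)\b",
     "DH group of 1536 bits or less; use group 14 or higher"),
    ("ESP-ENC", None, r"crypto ipsec transform-set\s+\S+.*\besp-(?:des|3des|null)\b",
     "ESP transform without AES encryption"),
    ("ESP-AUTH", None, r"crypto ipsec transform-set\s+\S+.*\besp-md5-hmac\b",
     "HMAC-MD5 for ESP integrity; use a SHA-2 HMAC"),
]

# Clear-text key form only; type-6 encrypted keys ("key 6 ...") are not parsed.
PSK_RE = re.compile(r"crypto isakmp key (\S+) address (\S+)")
MIN_PSK_LEN = 20  # assumption: a local policy threshold, not a Cisco limit

# Constructed sample: the crypto-relevant commands entered on R1 above.
PAGE_CONFIG = """\
crypto isakmp policy 1
 encryption 3des
 hash md5
 authentication pre-share
 group 2
crypto isakmp key cisco address 0.0.0.0
crypto isakmp keepalive 30
crypto ipsec transform-set TS-IPSEC1 esp-3des esp-md5-hmac
 mode transport
crypto ipsec profile PRO-DMVPN1
 set transform-set TS-IPSEC1
"""

# Constructed hardened variant (assumption: same names, stronger parameters;
# the key is a placeholder, not a real secret).
HARDENED_CONFIG = """\
crypto isakmp policy 1
 encr aes 256
 hash sha256
 authentication pre-share
 group 14
crypto isakmp key EXAMPLE-ONLY-replace-with-random-psk address 0.0.0.0
crypto ipsec transform-set TS-IPSEC1 esp-aes 256 esp-sha256-hmac
 mode transport
crypto ipsec profile PRO-DMVPN1
 set transform-set TS-IPSEC1
"""


def audit(config):
    """Return (line number, rule id, reason) for every weak setting found."""
    findings, section = [], ""
    for lineno, raw in enumerate(config.splitlines(), 1):
        text = raw.strip()
        if not text or text.startswith("!"):
            continue
        indented = raw[0].isspace()
        if not indented:
            section = text  # a top-level command opens a new section
        for rule_id, parent, pattern, reason in RULES:
            # Sub-commands only count under their parent section;
            # top-level rules only match unindented lines.
            if parent:
                in_scope = indented and section.startswith(parent)
            else:
                in_scope = not indented
            if in_scope and re.match(pattern, text):
                findings.append((lineno, rule_id, reason))
        psk = PSK_RE.match(text)
        if psk and not indented:
            key, peer = psk.groups()
            if len(key) < MIN_PSK_LEN:
                findings.append((lineno, "PSK-SHORT",
                                 "pre-shared key shorter than %d characters" % MIN_PSK_LEN))
            if peer == "0.0.0.0":
                findings.append((lineno, "PSK-WILDCARD",
                                 "wildcard peer: any host that knows the key is accepted"))
    return findings


if __name__ == "__main__":
    for name, cfg in (("page", PAGE_CONFIG), ("hardened", HARDENED_CONFIG)):
        print("== %s ==" % name)
        for lineno, rule_id, reason in audit(cfg):
            print("line %d: %s: %s" % (lineno, rule_id, reason))
```

The hardened variant still reports PSK-WILDCARD: with `address 0.0.0.0` any peer that presents the key is accepted, so the strength of the key is the only control.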

Topology: PPPoE + DMVPN + OSPF

PPPoE + mGRE + NHRP + IPsec + OSPF

Note: the IP addresses in the figure are incorrect.

Preparation

Project name: ccna-vpn-gre-0003-gre-over-ipsec-1-n

Project name: ccna-vpn-dmvpn-0001-mgre+nhrp

Configuration

  • R1
configure terminal
!
interface GigabitEthernet 0/1
no ip address
pppoe enable group global
pppoe-client dial-pool-number 10
exit
!
interface GigabitEthernet 0/0
ip tcp adjust-mss 1356
exit
!
interface Loopback 1
ip address 100.0.0.1 255.255.255.255
exit
!
interface Dialer 1
ip unnumbered Loopback 1
ip mtu 1454
encapsulation ppp
dialer pool 10
dialer-group 20
ppp authentication chap callin
ppp chap hostname ccie@example.com
ppp chap password cc13
no shutdown
exit
!
ip route 0.0.0.0 0.0.0.0 Dialer 1
!
dialer-list 20 protocol ip permit
!
end
  • R2
configure terminal
!
interface GigabitEthernet 0/1
no ip address
pppoe enable group global
pppoe-client dial-pool-number 10
exit
!
interface GigabitEthernet 0/0
ip tcp adjust-mss 1356
exit
!
interface Loopback 1
ip address 200.0.0.2 255.255.255.255
exit
!
interface Dialer 1
ip unnumbered Loopback 1
ip mtu 1454
encapsulation ppp
dialer pool 10
dialer-group 20
ppp authentication chap callin
ppp chap hostname ccie@example.com
ppp chap password cc13
no shutdown
exit
!
ip route 0.0.0.0 0.0.0.0 Dialer 1
!
dialer-list 20 protocol ip permit
!
end
  • R6
configure terminal
!
interface GigabitEthernet 0/1
no ip address
pppoe enable group global
pppoe-client dial-pool-number 10
exit
!
interface GigabitEthernet 0/0
ip tcp adjust-mss 1356
exit
!
interface Loopback 1
ip address 106.0.0.6 255.255.255.255
exit
!
interface Dialer 1
ip unnumbered Loopback 1
ip mtu 1454
encapsulation ppp
dialer pool 10
dialer-group 20
ppp authentication chap callin
ppp chap hostname ccie@isp3.pg1x.net
ppp chap password cc13
no shutdown
exit
!
ip route 0.0.0.0 0.0.0.0 Dialer 1
!
dialer-list 20 protocol ip permit
!
end
R1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)#cry
R1(config)#crypto iksa
R1(config)#crypto iksak
R1(config)#cryp        
R1(config)#crypto isakm
R1(config)#crypto isakmp poli
R1(config)#crypto isakmp policy 1
R1(config-isakmp)#ecn
R1(config-isakmp)#en 
R1(config-isakmp)#encryption 3de
R1(config-isakmp)#encryption 3des 
R1(config-isakmp)#ha
R1(config-isakmp)#hash md
R1(config-isakmp)#hash md5 atu
R1(config-isakmp)#hash md5    
R1(config-isakmp)#auth
R1(config-isakmp)#authentication pre
R1(config-isakmp)#authentication pre-share 
R1(config-isakmp)#gro
R1(config-isakmp)#group 2
R1(config-isakmp)#exit
R1(config)#crypto
R1(config)#crypto isakm
R1(config)#crypto isakmp key cisco address 0.0.0.0
R1(config)#crypto isakm
R1(config)#crypto isakmp kee
R1(config)#crypto isakmp keepalive 30
R1(config)#cryp
R1(config)#crypto isakm
R1(config)#cryp          
R1(config)#crypto ipse
R1(config)#crypto ipsec trans
R1(config)#crypto ipsec transform-set TS-IPSEC1 esp-3de
R1(config)#crypto ipsec transform-set TS-IPSEC1 esp-3des esp-md
R1(config)#crypto ipsec transform-set TS-IPSEC1 esp-3des esp-md5-hmac 
R1(cfg-crypto-trans)#mod
R1(cfg-crypto-trans)#mode tran
R1(cfg-crypto-trans)#mode transport 
R1(cfg-crypto-trans)#exit
R1(config)#cry
R1(config)#crypto ipse
R1(config)#crypto ipsec pro
R1(config)#crypto ipsec profile PRO-DMVPN1
R1(ipsec-profile)#set tra
R1(ipsec-profile)#set transform-set TS-IPSEC1
R1(ipsec-profile)#int tun0
R1(config-if)#ip
*Apr 30 06:38:51.897: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to down
R1(config-if)#ip addre
R1(config-if)#ip address 172.16.0.1 255.255.255.0
R1(config-if)#ip mt
R1(config-if)#ip mtu 1368
R1(config-if)#tunn
R1(config-if)#tunnel sou
R1(config-if)#tunnel source Di
R1(config-if)#tunnel source Dialer 1
R1(config-if)#tunn
R1(config-if)#tunnel mo
R1(config-if)#tunnel mode gr
R1(config-if)#tunnel mode gre mu
R1(config-if)#tunnel mode gre multipoint 
R1(config-if)#tunn
R1(config-if)#tunnel ke
R1(config-if)#tunnel key 10
R1(config-if)#tunn
R1(config-if)#tunnel p
R1(config-if)#tunnel pr
R1(config-if)#tunnel protection ipse
R1(config-if)#tunnel protection ipsec pro
R1(config-if)#tunnel protection ipsec profile PRO-DMVPN1
R1(config-if)#ip nh
R1(config-if)#ip nhrp netwo
R1(config-if)#ip nhrp network-id 100
R1(config-if)#ip nh
R1(config-if)#ip nhrp map mul
R1(config-if)#ip nhrp map multicast ?
  A.B.C.D     IP NBMA address
  X:X:X:X::X  IPv6 NBMA address
  dynamic     Dynamically learn destinations from client registrations on hub

R1(config-if)#ip nhrp map multicast dyn
R1(config-if)#ip nhrp map multicast dynamic 
R1(config-if)#ip os
R1(config-if)#ip ospf netwo
R1(config-if)#ip ospf network bro
R1(config-if)#ip ospf network broadcast 
R1(config-if)#router
R1(config-if)#router osp
R1(config-if)#router ospf 1
R1(config-router)#netwo
R1(config-router)#network 172.16.0.1 0.0.0.0 area 0
R1(config-router)#netwo
R1(config-router)#network 10.100.0.1 0.0.0.0 area
R1(config-router)#network 10.100.0.1 0.0.0.0 area 0
R1(config-router)#int lo0
R1(config-if)#ip add
R1(config-if)#ip address 1
*Apr 30 06:40:48.694: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback0, changed state to up
R1(config-if)#ip address 100.0.0.1
% Incomplete command.

R1(config-if)#ip address 100.0.0.1 255.255.255.255
R1(config-if)#int gig0/1
R1(config-if)#no ip add
R1(config-if)#no ip address 
R1(config-if)#pppoe
R1(config-if)#pppoe en
R1(config-if)#pppoe enable 
R1(config-if)#ppp
*Apr 30 06:41:34.894: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access1, changed state to up
R1(config-if)#pppoe
*Apr 30 06:41:34.898: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to up
R1(config-if)#pppoe
R1(config-if)#pppoe-cli
R1(config-if)#pppoe-client di
R1(config-if)#pppoe-client dial-pool-number 1
R1(config-if)#int gig0/0
R1(config-if)#ip add
R1(config-if)#ip address 10.100.0.1 255.255.255.0
R1(config-if)#ip tc
R1(config-if)#ip tcp ad
R1(config-if)#ip tcp adjust-mss 1328
R1(config-if)#no shut
R1(config-if)#int gig0/1
R1(config-if)#no shut
R1(config-if)#int di
R1(config-if)#int dia1
R1(config-if)#ip unnu
R1(config-if)#ip unnumbered Loo
R1(config-if)#ip unnumbered Loopback 0
R1(config-if)#
*Apr 30 06:42:36.551: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to up
R1(config-if)#
*Apr 30 06:42:36.608: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is ON
R1(config-if)#ip mt
R1(config-if)#ip mtu 1454
R1(config-if)#enca
R1(config-if)#encapsulation ppp
R1(config-if)#dia
R1(config-if)#dialerpo
R1(config-if)#dialer pooo
R1(config-if)#dialer poo 
R1(config-if)#dialer pool 1
R1(config-if)#dia
R1(config-if)#dialer-g
R1(config-if)#dialer-group r
R1(config-if)#dialer-group r
*Apr 30 06:43:04.833: %DIALER-6-BIND: Interface Vi2 bound to profile Di1
*Apr 30 06:43:04.837: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to up
*Apr 30 06:43:06.896: %DIALER-6-UNBIND: Interface Vi2 unbound from profile Di1
R1(config-if)#dialer-group  
*Apr 30 06:43:06.914: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to down
R1(config-if)#dialer-group 1
R1(config-if)#ppp auth
R1(config-if)#ppp authe
R1(config-if)#ppp authentication chap calli
R1(config-if)#ppp authentication chap callin 
R1(config-if)#ppp chap hostna
R1(config-if)#ppp chap hostname ccie@example.com
*Apr 30 06:43:29.144: %DIALER-6-BIND: Interface Vi2 bound to profile Di1
*Apr 30 06:43:29.148: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to up
*Apr 30 06:43:29.261: %DIALER-6-UNBIND: Interface Vi2 unbound from profile Di1
R1(config-if)#ppp chap hostname ccie@example.com
*Apr 30 06:43:29.278: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to down
R1(config-if)#ppp chap pass
R1(config-if)#ppp chap password cc13
R1(config-if)#exit  
R1(config)#ip route 0.0.0.0 0.0.0.0 D
*Apr 30 06:43:51.470: %DIALER-6-BIND: Interface Vi2 bound to profile Di1ia
R1(config)#ip route 0.0.0.0 0.0.0.0 Dialer 1
*Apr 30 06:43:51.475: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to up
*Apr 30 06:43:52.012: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access2, changed state to up
R1(config)#ip route 0.0.0.0 0.0.0.0 Dialer 1
R1(config)#dia
R1(config)#dialer-li
R1(config)#dialer-list 1 pro
R1(config)#dialer-list 1 protocol ip per
R1(config)#dialer-list 1 protocol ip permit 
R1(config)#^Z
R1#
*Apr 30 06:44:09.301: %SYS-5-CONFIG_I: Configured from console by console
R1#ping 100.1.3.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 100.1.3.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 3/4/8 ms
R1#ping 35.0.0.5 
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 35.0.0.5, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/7/11 ms
R1#
*Apr 30 06:55:40.644: %OSPF-5-ADJCHG: Process 1, Nbr 172.16.0.2 on Tunnel0 from EXSTART to DOWN, Neighbor Down: Too many retransmissions
R1#
*Apr 30 06:56:40.645: %OSPF-5-ADJCHG: Process 1, Nbr 172.16.0.2 on Tunnel0 from DOWN to DOWN, Neighbor Down: Ignore timer expired
R1#ping 172.16.0.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.0.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 15/17/20 ms
R1#sh run int tun0
Building configuration...

Current configuration : 284 bytes
!
interface Tunnel0
 ip address 172.16.0.1 255.255.255.0
 no ip redirects
 ip mtu 1368
 ip nhrp map multicast dynamic
 ip nhrp network-id 100
 ip ospf network broadcast
 tunnel source Dialer1
 tunnel mode gre multipoint
 tunnel key 10
 tunnel protection ipsec profile PRO-DMVPN1
end

R1#
*Apr 30 06:58:46.830: %OSPF-5-ADJCHG: Process 1, Nbr 172.16.0.2 on Tunnel0 from EXSTART to DOWN, Neighbor Down: Too many retransmissions
R1#sh ip proto
*** IP Routing is NSF aware ***

Routing Protocol is "application"
  Sending updates every 0 seconds
  Invalid after 0 seconds, hold down 0, flushed after 0
  Outgoing update filter list for all interfaces is not set
  Incoming update filter list for all interfaces is not set
  Maximum path: 32
  Routing for Networks:
  Routing Information Sources:
    Gateway         Distance      Last Update
  Distance: (default is 4)

Routing Protocol is "nhrp"
  Maximum path: 32
  Routing Information Sources:
    Gateway         Distance      Last Update
  Distance: (default is 250)

Routing Protocol is "ospf 1"
  Outgoing update filter list for all interfaces is not set
  Incoming update filter list for all interfaces is not set
  Router ID 172.16.0.1
  Number of areas in this router is 1. 1 normal 0 stub 0 nssa
  Maximum path: 4
  Routing for Networks:
    10.100.0.1 0.0.0.0 area 0
    172.16.0.1 0.0.0.0 area 0
  Routing Information Sources:
    Gateway         Distance      Last Update
  Distance: (default is 110)

R1#
*Apr 30 06:59:46.831: %OSPF-5-ADJCHG: Process 1, Nbr 172.16.0.2 on Tunnel0 from DOWN to DOWN, Neighbor Down: Ignore timer expired
R1#sh ip int tun0 | i Internet
  Internet address is 172.16.0.1/24
R1#
*Apr 30 07:01:57.996: %OSPF-5-ADJCHG: Process 1, Nbr 172.16.0.2 on Tunnel0 from EXSTART to DOWN, Neighbor Down: Too many retransmissions
R1#sh ip int tun0 | i MTU
  MTU is 1368 bytes
R1#sh ip ospf neigh detail
 Neighbor 172.16.0.2, interface address 172.16.0.2
    In the area 0 via interface Tunnel0
    Neighbor priority is 0, State is DOWN, 4 state changes
    Neighbor ignored, reenable in 00:00:15
    DR is 0.0.0.0 BDR is 0.0.0.0
    Options is 0x12 in Hello (E-bit, L-bit)
    LLS Options is 0x1 (LR)
    Index 0/0/0, retransmission queue length 0, number of retransmission 0
    First 0x0(0)/0x0(0)/0x0(0) Next 0x0(0)/0x0(0)/0x0(0)
    Last retransmission scan length is 0, maximum is 0
    Last retransmission scan time is 0 msec, maximum is 0 msec
R1#
*Apr 30 07:02:57.997: %OSPF-5-ADJCHG: Process 1, Nbr 172.16.0.2 on Tunnel0 from DOWN to DOWN, Neighbor Down: Ignore timer expired
R1#
*Apr 30 07:05:06.765: %OSPF-5-ADJCHG: Process 1, Nbr 172.16.0.2 on Tunnel0 from EXSTART to DOWN, Neighbor Down: Too many retransmissions
R1#
*Apr 30 07:06:06.766: %OSPF-5-ADJCHG: Process 1, Nbr 172.16.0.2 on Tunnel0 from DOWN to DOWN, Neighbor Down: Ignore timer expired
*Apr 30 07:06:07.011: %OSPF-5-ADJCHG: Process 1, Nbr 172.16.0.2 on Tunnel0 from LOADING to FULL, Loading Done
R1#
*Apr 30 07:54:09.586: %OSPF-5-ADJCHG: Process 1, Nbr 172.16.0.6 on Tunnel0 from LOADING to FULL, Loading Done
R1#
R2#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R2(config)#cry
R2(config)#crypto isak
R2(config)#crypto isakmp po
R2(config)#crypto isakmp policy 1 
R2(config-isakmp)#enc
R2(config-isakmp)#encryption  3de
R2(config-isakmp)#encryption  3des 
R2(config-isakmp)#ha
R2(config-isakmp)#hash md
R2(config-isakmp)#hash md5 
R2(config-isakmp)#auth
R2(config-isakmp)#authentication pre
R2(config-isakmp)#authentication pre-share 
R2(config-isakmp)#gr
R2(config-isakmp)#group 2
R2(config-isakmp)#cry
R2(config-isakmp)#cryp
R2(config-isakmp)#exit
R2(config)#cry
R2(config)#crypto isak
R2(config)#crypto isakmp ke
R2(config)#crypto isakmp key
R2(config)#crypto isakmp key cisco address 0.0.0.0
R2(config)#cry
R2(config)#crypto isak
R2(config)#crypto isakmp kee
R2(config)#crypto isakmp keepalive 30
R2(config)#cry
R2(config)#crypto ipse
R2(config)#crypto ipsec tran
R2(config)#crypto ipsec transform-set TS-IPSEC1 esp
R2(config)#crypto ipsec transform-set TS-IPSEC1 esp-3de
R2(config)#crypto ipsec transform-set TS-IPSEC1 esp-3des es
R2(config)#crypto ipsec transform-set TS-IPSEC1 esp-3des esp-md
R2(config)#crypto ipsec transform-set TS-IPSEC1 esp-3des esp-md5-hmac h
R2(config)#crypto ipsec transform-set TS-IPSEC1 esp-3des esp-md5-hmac  
R2(cfg-crypto-trans)#mod
R2(cfg-crypto-trans)#mode tra
R2(cfg-crypto-trans)#mode transport 
R2(cfg-crypto-trans)#exit
R2(config)#cry
R2(config)#crypto ipse
R2(config)#crypto ipsec pro
R2(config)#crypto ipsec profile PRO-DMVPN1
R2(ipsec-profile)#set tra
R2(ipsec-profile)#set transform-set TS-IPSEC1
R2(ipsec-profile)#int tun0 
R2(config-if)#ip 
*Apr 30 06:46:40.154: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to down
R2(config-if)#ip add
R2(config-if)#ip address 172.16.0.2 255.255.255.0
R2(config-if)#tunn
R2(config-if)#tunnel saou
R2(config-if)#tunnel sou 
R2(config-if)#tunnel source Dia
R2(config-if)#tunnel source Dialer 1
R2(config-if)#tunn
R2(config-if)#tunnel mo
R2(config-if)#tunnel mode gr
R2(config-if)#tunnel mode gre mul
R2(config-if)#tunnel mode gre multipoint 
R2(config-if)#tunn
R2(config-if)#tunnel ke
R2(config-if)#tunnel key 10
R2(config-if)#tunn
R2(config-if)#tunnel pro
R2(config-if)#tunnel protection ip
R2(config-if)#tunnel protection ipsec pro
R2(config-if)#tunnel protection ipsec profile PRO-DMVPN1
R2(config-if)#ip nh
R2(config-if)#ip nhrp netow
R2(config-if)#ip nh        
R2(config-if)#ip nhrp netwo
R2(config-if)#ip nhrp network-id 100
R2(config-if)#ip nh
R2(config-if)#ip nhrp nhs 172.16.0.1
R2(config-if)#ip nh
R2(config-if)#ip nhrp map 172.16.0.1 100.0.0.1
R2(config-if)#ip nhr
R2(config-if)#ip nhrp ma
R2(config-if)#ip nhrp map
R2(config-if)#ip nhrp map mul
R2(config-if)#ip nhrp map multicast 100.0.0.1
R2(config-if)#ip os
R2(config-if)#ip ospf netwo
R2(config-if)#ip ospf network bro
R2(config-if)#ip ospf network broadcast 
R2(config-if)#ip os
R2(config-if)#ip ospf pri
R2(config-if)#ip ospf priority 0
R2(config-if)#router ospf 1 
R2(config-router)#netwo
R2(config-router)#network 172.16.0.2 0.0.0.0 area 0
R2(config-router)#netwo
R2(config-router)#network 10.200.0.2 0.0.0.0 area 0
R2(config-router)#int lo0
R2(config-if)#ip add
R2(config-if)#ip address 1
*Apr 30 06:50:22.469: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback0, changed state to up
R2(config-if)#ip address 200.0.0.2 255.255.255.255
R2(config-if)#int gig0/1
R2(config-if)#no ip addre
R2(config-if)#no ip address       
R2(config-if)#pppoe ena
R2(config-if)#pppoe enable 
R2(config-if)#pp
*Apr 30 06:50:54.101: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access1, changed state to up
R2(config-if)#pppoe-
*Apr 30 06:50:54.104: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to up
R2(config-if)#pppoe-clie
R2(config-if)#pppoe-client dial
R2(config-if)#pppoe-client dial-pool-number 1
R2(config-if)#int gig0/0
R2(config-if)#ip add
R2(config-if)#ip address 10.200.0.2 255.255.255.0  
R2(config-if)#ip tc
R2(config-if)#ip tcp ad
R2(config-if)#ip tcp adjust-mss 1328
R2(config-if)#int dia1
R2(config-if)#ip unnu
R2(config-if)#ip unnumbered lo0
R2(config-if)#
*Apr 30 06:52:25.082: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to up
R2(config-if)#ip 
*Apr 30 06:52:25.141: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is ON
R2(config-if)#ip mt
R2(config-if)#ip mtu 1454
R2(config-if)#enca
R2(config-if)#encapsulation ppp
R2(config-if)#dia
R2(config-if)#dialer po
R2(config-if)#dialer pool 1
R2(config-if)#dia
R2(config-if)#dialer-gr
R2(config-if)#dialer-group 
*Apr 30 06:52:44.791: %DIALER-6-BIND: Interface Vi2 bound to profile Di1
*Apr 30 06:52:44.795: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to up
*Apr 30 06:52:46.591: %DIALER-6-UNBIND: Interface Vi2 unbound from profile Di1
R2(config-if)#dialer-group 
*Apr 30 06:52:46.605: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to down
R2(config-if)#dialer-group 1
R2(config-if)#ppp auth
R2(config-if)#ppp authe
R2(config-if)#ppp authentication chap calli
R2(config-if)#ppp authentication chap callin 
R2(config-if)#ppp chap hostname ccie@example.com
R2(config-if)#
*Apr 30 06:53:08.836: %DIALER-6-BIND: Interface Vi2 bound to profile Di1
*Apr 30 06:53:08.839: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to up
*Apr 30 06:53:08.945: %DIALER-6-UNBIND: Interface Vi2 unbound from profile Di1
R2(config-if)#
*Apr 30 06:53:08.965: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to down
R2(config-if)#ppp chap pass
R2(config-if)#ppp chap password cc13
R2(config-if)#exit
R2(config)#ip route 0.0.0.0 0.0.0.0 Dia
R2(config)#ip route 0.0.0.0 0.0.0.0 Dialer 1
R2(config)#
*Apr 30 06:53:31.117: %DIALER-6-BIND: Interface Vi2 bound to profile Di1
R2(config)#diale
*Apr 30 06:53:31.121: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to up
*Apr 30 06:53:31.686: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access2, changed state to up
R2(config)#dialer
R2(config)#dialer-li
R2(config)#dialer-list 1 pro
R2(config)#dialer-list 1 protocol ip per
R2(config)#dialer-list 1 protocol ip permit 
R2(config)#^Z
R2#sh i
*Apr 30 06:53:41.892: %SYS-5-CONFIG_I: Configured from console by console
R2#sh ip ro ospf
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       a - application route
       + - replicated route, % - next hop override, p - overrides from PfR

Gateway of last resort is 0.0.0.0 to network 0.0.0.0

R2#ping 200.2.4.4
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 200.2.4.4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 3/6/16 ms
R2#ping 100.0.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 100.0.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 7/8/10 ms
R2#sh ip ro
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       a - application route
       + - replicated route, % - next hop override, p - overrides from PfR

Gateway of last resort is 0.0.0.0 to network 0.0.0.0

S*    0.0.0.0/0 is directly connected, Dialer1
      10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        10.200.0.0/24 is directly connected, GigabitEthernet0/0
L        10.200.0.2/32 is directly connected, GigabitEthernet0/0
      172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks
C        172.16.0.0/24 is directly connected, Tunnel0
L        172.16.0.2/32 is directly connected, Tunnel0
      200.0.0.0/32 is subnetted, 1 subnets
C        200.0.0.2 is directly connected, Loopback0
      200.2.4.0/32 is subnetted, 1 subnets
C        200.2.4.4 is directly connected, Dialer1
R2#sh ip ro ospf
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       a - application route
       + - replicated route, % - next hop override, p - overrides from PfR

Gateway of last resort is 0.0.0.0 to network 0.0.0.0

R2#sh ip ospf neigh
R2#sh ip ospf neighbor 

Neighbor ID     Pri   State           Dead Time   Address         Interface
172.16.0.1        1   EXSTART/DR      00:00:37    172.16.0.1      Tunnel0
R2#sh ip ospf neighbor 

Neighbor ID     Pri   State           Dead Time   Address         Interface
172.16.0.1        1   EXSTART/DR      00:00:35    172.16.0.1      Tunnel0
R2#sh ip ospf neighbor 

Neighbor ID     Pri   State           Dead Time   Address         Interface
172.16.0.1        1   EXSTART/DR      00:00:39    172.16.0.1      Tunnel0
R2#sh ip ospf neighbor 

Neighbor ID     Pri   State           Dead Time   Address         Interface
172.16.0.1        1   EXSTART/DR      00:00:39    172.16.0.1      Tunnel0
R2#sh ip ospf neighbor 

Neighbor ID     Pri   State           Dead Time   Address         Interface
172.16.0.1        1   EXSTART/DR      00:00:38    172.16.0.1      Tunnel0
R2#sh ip ospf neighbor 

Neighbor ID     Pri   State           Dead Time   Address         Interface
172.16.0.1        1   EXSTART/DR      00:00:37    172.16.0.1      Tunnel0
R2#sh ip ospf neighbor 

Neighbor ID     Pri   State           Dead Time   Address         Interface
172.16.0.1        1   EXSTART/DR      00:00:36    172.16.0.1      Tunnel0
R2#sh ipse
R2#sh ip i
*Apr 30 06:55:42.979: %OSPF-5-ADJCHG: Process 1, Nbr 172.16.0.1 on Tunnel0 from EXSTART to DOWN, Neighbor Down: Too many retransmissions
R2#sh ip ipse
R2#sh ip ipsec
R2#sh ipse    
R2#sh ipse
R2#sh ipse
R2#sh cry 
R2#sh crypto ip
R2#sh crypto ipsec sa

interface: Tunnel0
    Crypto map tag: Tunnel0-head-0, local addr 200.0.0.2

   protected vrf: (none)
   local  ident (addr/mask/prot/port): (200.0.0.2/255.255.255.255/47/0)
   remote ident (addr/mask/prot/port): (100.0.0.1/255.255.255.255/47/0)
   current_peer 100.0.0.1 port 500
     PERMIT, flags={origin_is_acl,}
    #pkts encaps: 45, #pkts encrypt: 45, #pkts digest: 45
    #pkts decaps: 44, #pkts decrypt: 44, #pkts verify: 44
    #pkts compressed: 0, #pkts decompressed: 0
    #pkts not compressed: 0, #pkts compr. failed: 0
    #pkts not decompressed: 0, #pkts decompress failed: 0
    #send errors 0, #recv errors 0

     local crypto endpt.: 200.0.0.2, remote crypto endpt.: 100.0.0.1
     plaintext mtu 1442, path mtu 1472, ip mtu 1472, ip mtu idb Tunnel0
     current outbound spi: 0xCD11C1FD(3440493053)
     PFS (Y/N): N, DH group: none

     inbound esp sas:
      spi: 0x8D00840B(2365621259)
        transform: esp-3des esp-md5-hmac ,
        in use settings ={Transport, }
        conn id: 1, flow_id: SW:1, sibling_flags 80004000, crypto map: Tunnel0-head-0
        sa timing: remaining key lifetime (k/sec): (4608000/3449)
        IV size: 8 bytes
        replay detection support: Y
        Status: ACTIVE(ACTIVE)
      spi: 0x2F470E3D(793185853)
        transform: esp-3des esp-md5-hmac ,
        in use settings ={Transport, }
        conn id: 3, flow_id: SW:3, sibling_flags 80000000, crypto map: Tunnel0-head-0
        sa timing: remaining key lifetime (k/sec): (4193753/3449)
        IV size: 8 bytes
        replay detection support: Y
        Status: ACTIVE(ACTIVE)

     inbound ah sas:

     inbound pcp sas:

     outbound esp sas:
      spi: 0x43219BBB(1126276027)
        transform: esp-3des esp-md5-hmac ,
        in use settings ={Transport, }
        conn id: 2, flow_id: SW:2, sibling_flags 80004000, crypto map: Tunnel0-head-0
        sa timing: remaining key lifetime (k/sec): (4608000/3449)
        IV size: 8 bytes
        replay detection support: Y
        Status: ACTIVE(ACTIVE)
      spi: 0xCD11C1FD(3440493053)
        transform: esp-3des esp-md5-hmac ,
        in use settings ={Transport, }
        conn id: 4, flow_id: SW:4, sibling_flags 80000000, crypto map: Tunnel0-head-0
        sa timing: remaining key lifetime (k/sec): (4193753/3449)
        IV size: 8 bytes
        replay detection support: Y
        Status: ACTIVE(ACTIVE)

     outbound ah sas:

     outbound pcp sas:
R2# 
*Apr 30 06:56:42.979: %OSPF-5-ADJCHG: Process 1, Nbr 172.16.0.1 on Tunnel0 from DOWN to DOWN, Neighbor Down: Ignore timer expired
R2#sh crypto ipsec sa

interface: Tunnel0
    Crypto map tag: Tunnel0-head-0, local addr 200.0.0.2

   protected vrf: (none)
   local  ident (addr/mask/prot/port): (200.0.0.2/255.255.255.255/47/0)
   remote ident (addr/mask/prot/port): (100.0.0.1/255.255.255.255/47/0)
   current_peer 100.0.0.1 port 500
     PERMIT, flags={origin_is_acl,}
    #pkts encaps: 56, #pkts encrypt: 56, #pkts digest: 56
    #pkts decaps: 54, #pkts decrypt: 54, #pkts verify: 54
    #pkts compressed: 0, #pkts decompressed: 0
    #pkts not compressed: 0, #pkts compr. failed: 0
    #pkts not decompressed: 0, #pkts decompress failed: 0
    #send errors 0, #recv errors 0

     local crypto endpt.: 200.0.0.2, remote crypto endpt.: 100.0.0.1
     plaintext mtu 1442, path mtu 1472, ip mtu 1472, ip mtu idb Tunnel0
     current outbound spi: 0xCD11C1FD(3440493053)
     PFS (Y/N): N, DH group: none

     inbound esp sas:
      spi: 0x8D00840B(2365621259)
          
R2#ping 172.16.0.1   
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/18/27 ms
R2#sh run | s tun0
R2#sh run tun0    
          ^
% Invalid input detected at '^' marker.

R2#sh run int tun0
Building configuration...

Current configuration : 351 bytes
!
interface Tunnel0
 ip address 172.16.0.2 255.255.255.0
 no ip redirects
 ip nhrp map 172.16.0.1 100.0.0.1
 ip nhrp map multicast 100.0.0.1
 ip nhrp network-id 100
 ip nhrp nhs 172.16.0.1
 ip ospf network broadcast
 ip ospf priority 0
 tunnel source Dialer1
 tunnel mode gre multipoint
 tunnel key 10
 tunnel protection ipsec profile PRO-DMVPN1
end

R2#sh ip proto
*** IP Routing is NSF aware ***

Routing Protocol is "application"
  Sending updates every 0 seconds
  Invalid after 0 seconds, hold down 0, flushed after 0
  Outgoing update filter list for all interfaces is not set
  Incoming update filter list for all interfaces is not set
  Maximum path: 32
  Routing for Networks:
  Routing Information Sources:
    Gateway         Distance      Last Update
  Distance: (default is 4)

Routing Protocol is "nhrp"
  Maximum path: 32
  Routing Information Sources:
    Gateway         Distance      Last Update
  Distance: (default is 250)

Routing Protocol is "ospf 1"
  Outgoing update filter list for all interfaces is not set
  Incoming update filter list for all interfaces is not set
  Router ID 172.16.0.2
  Number of areas in this router is 1. 1 normal 0 stub 0 nssa
  Maximum path: 4
  Routing for Networks:
    10.200.0.2 0.0.0.0 area 0
    172.16.0.2 0.0.0.0 area 0
  Routing Information Sources:
    Gateway         Distance      Last Update
  Distance: (default is 110)

R2#sh ip int brief
Interface                  IP-Address      OK? Method Status                Protocol
GigabitEthernet0/0         10.200.0.2      YES NVRAM  up                    up      
GigabitEthernet0/1         unassigned      YES NVRAM  up                    up      
GigabitEthernet0/2         unassigned      YES NVRAM  administratively down down    
GigabitEthernet0/3         unassigned      YES NVRAM  administratively down down    
Dialer1                    200.0.0.2       YES TFTP   up                    up      
Loopback0                  200.0.0.2       YES manual up                    up      
Tunnel0                    172.16.0.2      YES manual up                    up      
Virtual-Access1            unassigned      YES unset  up                    up      
Virtual-Access2            unassigned      YES unset  up                    up      
R2#sh ip int tun0 | i Internet
  Internet address is 172.16.0.2/24
R2#sh ip int tun0 | i M
*Apr 30 07:02:01.972: %OSPF-5-ADJCHG: Process 1, Nbr 172.16.0.1 on Tunnel0 from EXSTART to DOWN, Neighbor Down: Too many retransmissions
R2#sh ip int tun0 | i MTU
  MTU is 1472 bytes
R2#sh ip ospf neigh detai
R2#sh ip ospf neigh detail 
 Neighbor 172.16.0.1, interface address 172.16.0.1
    In the area 0 via interface Tunnel0
    Neighbor priority is 1, State is DOWN, 7 state changes
    Neighbor ignored, reenable in 00:00:24
    DR is 0.0.0.0 BDR is 0.0.0.0
    Options is 0x12 in Hello (E-bit, L-bit)
    LLS Options is 0x1 (LR)
    Index 0/0/0, retransmission queue length 0, number of retransmission 0
    First 0x0(0)/0x0(0)/0x0(0) Next 0x0(0)/0x0(0)/0x0(0)
    Last retransmission scan length is 0, maximum is 0
    Last retransmission scan time is 0 msec, maximum is 0 msec
R2#
*Apr 30 07:03:01.973: %OSPF-5-ADJCHG: Process 1, Nbr 172.16.0.1 on Tunnel0 from DOWN to DOWN, Neighbor Down: Ignore timer expired
R2#cofn t
     ^
% Invalid input detected at '^' marker.

R2#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R2(config)#int tun0
R2(config-if)#ip mt
R2(config-if)#ip mtu 1368
*Apr 30 07:05:09.284: %OSPF-5-ADJCHG: Process 1, Nbr 172.16.0.1 on Tunnel0 from EXSTART to DOWN, Neighbor Down: Too many retransmissions
R2(config-if)#ip mtu 1368
R2(config-if)#do sh ip ospf neigh

Neighbor ID     Pri   State           Dead Time   Address         Interface
172.16.0.1        1   DOWN/DROTHER       -        172.16.0.1      Tunnel0
R2(config-if)#do sh ip ospf neigh

Neighbor ID     Pri   State           Dead Time   Address         Interface
172.16.0.1        1   DOWN/DROTHER       -        172.16.0.1      Tunnel0
R2(config-if)#do sh ip ospf neigh

Neighbor ID     Pri   State           Dead Time   Address         Interface
172.16.0.1        1   DOWN/DROTHER       -        172.16.0.1      Tunnel0
R2(config-if)#do sh ip ospf neigh

Neighbor ID     Pri   State           Dead Time   Address         Interface
172.16.0.1        1   DOWN/DROTHER       -        172.16.0.1      Tunnel0
R2(config-if)#do sh ip int | i MTU
  MTU is 1500 bytes
  MTU is 1454 bytes
  MTU is 1514 bytes
  MTU is 1368 bytes
R2(config-if)#do sh ip int tun0 | i MTU
  MTU is 1368 bytes
R2(config-if)#
*Apr 30 07:06:09.284: %OSPF-5-ADJCHG: Process 1, Nbr 172.16.0.1 on Tunnel0 from DOWN to DOWN, Neighbor Down: Ignore timer expired
*Apr 30 07:06:09.676: %OSPF-5-ADJCHG: Process 1, Nbr 172.16.0.1 on Tunnel0 from LOADING to FULL, Loading Done
R2(config-if)#^Z
R2#sh ip
*Apr 30 07:06:13.859: %SYS-5-CONFIG_I: Configured from console by console
R2#sh ip ro ospf
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       a - application route
       + - replicated route, % - next hop override, p - overrides from PfR

Gateway of last resort is 0.0.0.0 to network 0.0.0.0

      10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
O        10.100.0.0/24 [110/1001] via 172.16.0.1, 00:00:02, Tunnel0
R2#ping 10.100.0.101
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.100.0.101, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/15/23 ms
R2#
R6#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R6(config)#cry
R6(config)#crypto isak
R6(config)#crypto isakmp po
R6(config)#crypto isakmp policy 1
R6(config-isakmp)#enc
R6(config-isakmp)#encryption 3de
R6(config-isakmp)#encryption 3des 
R6(config-isakmp)#ha
R6(config-isakmp)#hash md
R6(config-isakmp)#hash md5 
R6(config-isakmp)#auth
R6(config-isakmp)#authentication pre
R6(config-isakmp)#authentication pre-share 
R6(config-isakmp)#gr
R6(config-isakmp)#group 2
R6(config-isakmp)#cry
R6(config-isakmp)#exit   
R6(config)#crypto
R6(config)#crypto isak
R6(config)#crypto isakmp ke
R6(config)#crypto isakmp key cisco add
R6(config)#crypto isakmp key cisco address 0.0.0.0
R6(config)#crypto
R6(config)#crypto isakm
R6(config)#crypto isakmp kee
R6(config)#crypto isakmp keepalive 30
R6(config)#crypt
R6(config)#crypto ipse
R6(config)#crypto ipsec tran
R6(config)#crypto ipsec transform-set TS-IPSEC1 esp
R6(config)#crypto ipsec transform-set TS-IPSEC1 esp-3de
R6(config)#crypto ipsec transform-set TS-IPSEC1 esp-3des esp-md
R6(config)#crypto ipsec transform-set TS-IPSEC1 esp-3des esp-md5-hmac 
R6(cfg-crypto-trans)#mod
R6(cfg-crypto-trans)#mode tra
R6(cfg-crypto-trans)#mode transport 
R6(cfg-crypto-trans)#cry
R6(cfg-crypto-trans)#cryp
R6(cfg-crypto-trans)#exit
R6(config)#cryp
R6(config)#crypto ipse
R6(config)#crypto ipsec pro
R6(config)#crypto ipsec profile PRO-DMVPN1
R6(ipsec-profile)#set tra
R6(ipsec-profile)#set transform-set TS-IPSEC1
R6(ipsec-profile)#int tun0
R6(config-if)#
*Apr 30 07:32:49.891: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to down
R6(config-if)#ip add
R6(config-if)#ip address 172.16.0.6 255.255.255.0
R6(config-if)#tunn
R6(config-if)#tunnel sour
R6(config-if)#tunnel source Dia
R6(config-if)#tunnel source Dialer 1
R6(config-if)#tunn
R6(config-if)#tunnel mod
R6(config-if)#tunnel mode gr
R6(config-if)#tunnel mode gre mu
R6(config-if)#tunnel mode gre multipoint 
R6(config-if)#tunn
R6(config-if)#tunnel ke
R6(config-if)#tunnel key 10
R6(config-if)#tunn
R6(config-if)#tunnel p
R6(config-if)#tunnel pro
R6(config-if)#tunnel protection ipse
R6(config-if)#tunnel protection ipsec pro
R6(config-if)#tunnel protection ipsec profile PRO-DMVPN1
R6(config-if)#ip nh
R6(config-if)#ip nhrp netwo
R6(config-if)#ip nhrp network-id 100
R6(config-if)#ip nh
R6(config-if)#ip nhrp nhs 172.16.0.1 
R6(config-if)#ip nh
R6(config-if)#ip nhrp map 172.16.0.1 100.0.0.1
R6(config-if)#ip nhrp map mul
R6(config-if)#ip nhrp map multicast 100.0.0.1
R6(config-if)#ip osp
R6(config-if)#ip ospf netwo
R6(config-if)#ip ospf network bro
R6(config-if)#ip ospf network broadcast 
R6(config-if)#ip os
R6(config-if)#ip ospf pri
R6(config-if)#ip ospf priority o
R6(config-if)#ip ospf priority 0
R6(config-if)#router ospf 1 
R6(config-router)#netwo
R6(config-router)#network 172.16.0.6 0.0.0.0 area 0
R6(config-router)#net
R6(config-router)#network 10.6.0.6 0.0.0.0 area 0
R6(config-router)#int lo0
R6(config-if)#ip 
*Apr 30 07:48:55.542: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback0, changed state to upa
R6(config-if)#ip add
R6(config-if)#ip address 106.0.0.6 255.255.255.255
R6(config-if)#int gig0/1
R6(config-if)#no ip add
R6(config-if)#no ip address 
R6(config-if)#pppoe enabl
R6(config-if)#pppoe enable 
R6(config-if)#pppoe 
*Apr 30 07:50:22.401: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access1, changed state to up
R6(config-if)#pppoe-
*Apr 30 07:50:22.404: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to up
R6(config-if)#pppoe-clie
R6(config-if)#pppoe-client dia
R6(config-if)#pppoe-client dial-pool-number 1
R6(config-if)#int gig0/0
R6(config-if)#ip addre
R6(config-if)#ip address 10.6.0.6 255.255.255.0
R6(config-if)#ip tcp ad
R6(config-if)#ip tcp adjust-mss 1328
R6(config-if)#int tun0
R6(config-if)#ip mt
R6(config-if)#ip mtu 1368
R6(config-if)#int gig0/0
R6(config-if)#int dia 1
R6(config-if)#ip unnu
R6(config-if)#ip unnumbered Lo
R6(config-if)#ip unnumbered Loo
R6(config-if)#ip unnumbered Loopback 0
R6(config-if)#ip
*Apr 30 07:53:12.605: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to up
R6(config-if)#ip mt
R6(config-if)#ip mtu 
*Apr 30 07:53:12.668: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is ON
R6(config-if)#ip mtu 1454
R6(config-if)#enca
R6(config-if)#encapsulation ppp
R6(config-if)#dial
R6(config-if)#dialer po
R6(config-if)#dialer pool 1
R6(config-if)#dia
R6(config-if)#dialer-g
R6(config-if)#dialer-group 
*Apr 30 07:53:26.348: %DIALER-6-BIND: Interface Vi2 bound to profile Di1
*Apr 30 07:53:26.353: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to up
*Apr 30 07:53:28.231: %DIALER-6-UNBIND: Interface Vi2 unbound from profile Di1
R6(config-if)#dialer-group 
*Apr 30 07:53:28.247: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to down
R6(config-if)#dialer-group 1
R6(config-if)#ppp auth
R6(config-if)#ppp authe
R6(config-if)#ppp authentication chap calli
R6(config-if)#ppp authentication chap callin 
R6(config-if)#ppp chap hostnae
R6(config-if)#ppp chap hostna 
R6(config-if)#ppp chap hostname ccie@
*Apr 30 07:53:50.543: %DIALER-6-BIND: Interface Vi2 bound to profile Di1
*Apr 30 07:53:50.547: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to up
*Apr 30 07:53:50.640: %DIALER-6-UNBIND: Interface Vi2 unbound from profile Di1
R6(config-if)#ppp chap hostname ccie@isp3
*Apr 30 07:53:50.655: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to down
R6(config-if)#ppp chap hostname ccie@isp3.pg1x.net
R6(config-if)#ppp chap
R6(config-if)#ppp chap pass
R6(config-if)#ppp chap password cc13
R6(config-if)#exit
R6(config)#ip route 0.0.0.0 0.0.0.0
*Apr 30 07:54:12.886: %DIALER-6-BIND: Interface Vi2 bound to profile Di1 D
R6(config)#ip route 0.0.0.0 0.0.0.0 Dia
R6(config)#ip route 0.0.0.0 0.0.0.0 Dialer 
*Apr 30 07:54:12.889: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to up
*Apr 30 07:54:13.434: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access2, changed state to up
R6(config)#ip route 0.0.0.0 0.0.0.0 Dialer 1
R6(config)#dia
R6(config)#dialer-li
R6(config)#dialer-list 1 
*Apr 30 07:54:19.670: %OSPF-5-ADJCHG: Process 1, Nbr 172.16.0.1 on Tunnel0 from LOADING to FULL, Loading Done
R6(config)#dialer-list 1 pro
R6(config)#dialer-list 1 protocol ip
R6(config)#dialer-list 1 protocol ip per
R6(config)#dialer-list 1 protocol ip permit 
R6(config)#^Z
R6#sh ip 
*Apr 30 07:54:25.651: %SYS-5-CONFIG_I: Configured from console by console
R6#sh ip ro ospf
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       a - application route
       + - replicated route, % - next hop override, p - overrides from PfR

Gateway of last resort is 0.0.0.0 to network 0.0.0.0

      10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
O        10.100.0.0/24 [110/1001] via 172.16.0.1, 00:00:04, Tunnel0
O        10.200.0.0/24 [110/1001] via 172.16.0.2, 00:00:04, Tunnel0
R6#ping 172.16.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 14/17/24 ms
R6#ping 172.16.0.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.0.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/36/53 ms
R6#ping 10.100.0.101
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.100.0.101, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 7/258/1005 ms
R6#ping 10.100.0.101
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.100.0.101, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 13/16/22 ms
R6#ping 10.200.0.202
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.200.0.202, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/15/20 ms
R6#sh ip ospf neigh

Neighbor ID     Pri   State           Dead Time   Address         Interface
172.16.0.1        1   FULL/DR         00:00:39    172.16.0.1      Tunnel0
R6#ping 10.200.0.202 repeat 10000
Type escape sequence to abort.
Sending 10000, 100-byte ICMP Echos to 10.200.0.202, timeout is 2 seconds:
.!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!.
Success rate is 99 percent (622/624), round-trip min/avg/max = 7/16/1018 ms
R6#
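
The R1 and R2 sessions above show the OSPF adjacency cycling from EXSTART to DOWN until R2's Tunnel0 is given the same `ip mtu 1368` as R1. The following Python sketch is an added example, not part of the original page: it correlates those log lines with the tunnel MTU each router reports. The function names and the trimmed sample captures are constructed here, and it assumes each OSPF router ID equals the router's tunnel address, as it does in this lab.

```python
import re
from collections import Counter

# Constructed input: lines copied from the R1 and R2 sessions above, trimmed to
# the OSPF events and the Tunnel0 address/MTU checks.
R1_LOG = """\
*Apr 30 06:55:40.644: %OSPF-5-ADJCHG: Process 1, Nbr 172.16.0.2 on Tunnel0 from EXSTART to DOWN, Neighbor Down: Too many retransmissions
*Apr 30 06:58:46.830: %OSPF-5-ADJCHG: Process 1, Nbr 172.16.0.2 on Tunnel0 from EXSTART to DOWN, Neighbor Down: Too many retransmissions
R1#sh ip int tun0 | i Internet
  Internet address is 172.16.0.1/24
R1#sh ip int tun0 | i MTU
  MTU is 1368 bytes
"""
R2_LOG = """\
*Apr 30 06:55:42.979: %OSPF-5-ADJCHG: Process 1, Nbr 172.16.0.1 on Tunnel0 from EXSTART to DOWN, Neighbor Down: Too many retransmissions
R2#sh ip int tun0 | i Internet
  Internet address is 172.16.0.2/24
*Apr 30 07:02:01.972: %OSPF-5-ADJCHG: Process 1, Nbr 172.16.0.1 on Tunnel0 from EXSTART to DOWN, Neighbor Down: Too many retransmissions
R2#sh ip int tun0 | i MTU
  MTU is 1472 bytes
"""
R1_RECOVERED = """\
*Apr 30 07:06:07.011: %OSPF-5-ADJCHG: Process 1, Nbr 172.16.0.2 on Tunnel0 from LOADING to FULL, Loading Done
"""
R2_FIX = """\
R2(config-if)#ip mtu 1368
R2(config-if)#do sh ip int tun0 | i MTU
  MTU is 1368 bytes
*Apr 30 07:06:09.676: %OSPF-5-ADJCHG: Process 1, Nbr 172.16.0.1 on Tunnel0 from LOADING to FULL, Loading Done
"""
BEFORE_FIX = {"R1": R1_LOG, "R2": R2_LOG}
AFTER_FIX = {"R1": R1_LOG + R1_RECOVERED, "R2": R2_LOG + R2_FIX}

ADJ_RE = re.compile(r"%OSPF-5-ADJCHG: Process \d+, Nbr (\S+) on (\S+) "
                    r"from (\w+) to (\w+), (.*)")
SHOW_RE = re.compile(r"^\S+#\s*(?:do\s+)?sh\S*\s+ip\s+int\S*\s+([A-Za-z][\w/.]*)")
PROMPT_RE = re.compile(r"^\S+[#>]")
ADDR_RE = re.compile(r"^\s+Internet address is (\d+(?:\.\d+){3})/\d+")
MTU_RE = re.compile(r"^\s+MTU is (\d+) bytes")
IF_NAMES = ("Tunnel", "Dialer", "Loopback", "GigabitEthernet")


def canon(name):
    """Expand an abbreviated interface name (tun0) to its full form (Tunnel0)."""
    m = re.fullmatch(r"([A-Za-z]+)([\d/.]+)", name)
    if m:
        for full in IF_NAMES:
            if full.lower().startswith(m.group(1).lower()):
                return full + m.group(2)
    return name


def parse_session(text):
    """Return (addresses, mtus, stuck) for one router's console capture."""
    addrs, mtus, stuck = {}, {}, Counter()
    current = None  # interface named by the most recent 'show ip int <if>'
    for line in text.splitlines():
        m = ADJ_RE.search(line)
        if m:  # syslog lines interleave with typing; they never reset context
            nbr, intf, old, new, reason = m.groups()
            if (old in ("EXSTART", "EXCHANGE") and new == "DOWN"
                    and "Too many retransmissions" in reason):
                stuck[(intf, nbr)] += 1
            elif new == "FULL":
                stuck.pop((intf, nbr), None)  # adjacency recovered
            continue
        m = SHOW_RE.match(line)
        if m:
            current = canon(m.group(1))
        elif PROMPT_RE.match(line):
            current = None
        elif current:
            if (m := ADDR_RE.match(line)):
                addrs[current] = m.group(1)
            elif (m := MTU_RE.match(line)):
                mtus[current] = int(m.group(1))  # a later check overrides
    return addrs, mtus, stuck


def find_mtu_mismatches(sessions, min_failures=2):
    """Report links that keep failing in EXSTART and whose two ends differ in MTU."""
    parsed = {r: parse_session(t) for r, t in sessions.items()}
    # Assumption: the Nbr field (router ID) equals the neighbor's tunnel address.
    owner = {ip: (r, intf) for r, (addrs, _, _) in parsed.items()
             for intf, ip in addrs.items()}
    findings = set()
    for router, (_, mtus, stuck) in parsed.items():
        for (intf, nbr), count in stuck.items():
            if count < min_failures or nbr not in owner:
                continue
            peer, peer_intf = owner[nbr]
            local, remote = mtus.get(intf), parsed[peer][1].get(peer_intf)
            if local and remote and local != remote:
                findings.add(tuple(sorted([(router, intf, local),
                                           (peer, peer_intf, remote)])))
    return sorted(findings)


if __name__ == "__main__":
    print("before:", find_mtu_mismatches(BEFORE_FIX))
    print("after: ", find_mtu_mismatches(AFTER_FIX))
```

OSPF carries the interface MTU in its Database Description packets, which is why a one-sided tunnel MTU leaves the neighbors stuck in EXSTART even though pings across the tunnel succeed.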
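
The sessions above configure IKE and IPsec with 3DES, MD5, DH group 2 and a pre-shared key bound to address 0.0.0.0, and `show crypto ipsec sa` reports PFS as N. As an added example (not part of the original page), this Python check flags those settings in a configuration and traces them to the tunnel interface they protect. `HARDENED_CONFIG`, its algorithm choices and the placeholder key are assumptions made here, not values from the page.

```python
# Constructed input: the crypto commands typed on R2 in the session above,
# laid out as a configuration file.
SESSION_CONFIG = """\
crypto isakmp policy 1
 encryption 3des
 hash md5
 authentication pre-share
 group 2
crypto isakmp key cisco address 0.0.0.0
crypto isakmp keepalive 30
crypto ipsec transform-set TS-IPSEC1 esp-3des esp-md5-hmac
 mode transport
crypto ipsec profile PRO-DMVPN1
 set transform-set TS-IPSEC1
interface Tunnel0
 tunnel protection ipsec profile PRO-DMVPN1
"""

# Assumed hardened variant for comparison (not from the page). The key is a
# placeholder; use one key line per expected peer instead of a wildcard
# (only the hub, 100.0.0.1, is shown).
HARDENED_CONFIG = """\
crypto isakmp policy 1
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
crypto isakmp key EXAMPLE-PLACEHOLDER-KEY address 100.0.0.1
crypto isakmp keepalive 30
crypto ipsec transform-set TS-IPSEC1 esp-aes 256 esp-sha256-hmac
 mode transport
crypto ipsec profile PRO-DMVPN1
 set transform-set TS-IPSEC1
 set pfs group14
interface Tunnel0
 tunnel protection ipsec profile PRO-DMVPN1
"""

WEAK_IKE = {"encryption": {"des", "3des"}, "encr": {"des", "3des"},
            "hash": {"md5"}, "group": {"1", "2"}}  # groups 1, 2: MODP <= 1024 bit
WEAK_ESP = {"esp-des", "esp-3des", "esp-md5-hmac", "ah-md5-hmac"}


def sections(config):
    """Split an IOS config into (header words, [child line words]) pairs."""
    out = []
    for raw in config.splitlines():
        if not raw.strip() or raw.strip() == "!":
            continue
        if raw[0].isspace() and out:
            out[-1][1].append(raw.split())
        else:
            out.append((raw.split(), []))
    return out


def audit(config):
    """Return sorted (object, issue) findings for weak IKE/IPsec settings."""
    findings, weak_sets, profiles, tunnels = [], {}, {}, {}
    for head, body in sections(config):
        kind = head[:3]
        if kind == ["crypto", "isakmp", "policy"] and len(head) > 3:
            for w in body:
                if len(w) > 1 and w[1] in WEAK_IKE.get(w[0], ()):
                    findings.append((f"isakmp policy {head[3]}", " ".join(w[:2])))
        elif kind == ["crypto", "isakmp", "key"] and "address" in head:
            if head[head.index("address") + 1:][:1] == ["0.0.0.0"]:
                findings.append(("isakmp key",
                                 "pre-shared key accepted from any peer (0.0.0.0)"))
        elif kind == ["crypto", "ipsec", "transform-set"] and len(head) > 3:
            weak = [t for t in head[4:] if t in WEAK_ESP]
            if weak:
                weak_sets[head[3]] = weak
                findings += [(f"transform-set {head[3]}", t) for t in weak]
        elif kind == ["crypto", "ipsec", "profile"] and len(head) > 3:
            profiles[head[3]] = [n for w in body
                                 if w[:2] == ["set", "transform-set"] for n in w[2:]]
            if not any(w[:2] == ["set", "pfs"] for w in body):
                findings.append((f"ipsec profile {head[3]}", "no 'set pfs'"))
        elif head[0] == "interface":
            for w in body:
                if w[:4] == ["tunnel", "protection", "ipsec", "profile"] and len(w) > 4:
                    tunnels[" ".join(head[1:])] = w[4]
    # Second pass: a transform-set may be defined after the profile that uses it.
    for intf, prof in tunnels.items():
        for ts in profiles.get(prof, []):
            if ts in weak_sets:
                findings.append((f"interface {intf}", f"{prof} -> {ts}"))
    return sorted(findings)


if __name__ == "__main__":
    for where, issue in audit(SESSION_CONFIG):
        print(f"{where}: {issue}")
    print("hardened findings:", audit(HARDENED_CONFIG))
```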

tech/network/cisco/vpn/tunneling/dmvpn/dmvpn.txt · Last modified: 2019/04/30 17:02 by wnoguchi