8/3/2019 GRE Over Ipsec
1/3
HUB
conf tint fa0/0no shutip address 172.16.1.1 255.255.255.0speed 100
duplex full
interface Tunnel0ip address 192.168.1.1 255.255.255.0tunnel source fa0/0tunnel destination 172.16.1.11
interface Tunnel1ip address 192.168.2.1 255.255.255.0
tunnel source fa0/0tunnel destination 172.16.1.12
interface Tunnel2ip address 192.168.3.1 255.255.255.0tunnel source fa0/0tunnel destination 172.16.1.13
crypto isakmp policy 1authentication pre-sharecrypto isakmp key cisco123 address 0.0.0.0
no crypto isakmp key cisco123 address 172.16.1.11no crypto isakmp key cisco123 address 172.16.1.12no crypto isakmp key cisco123 address 172.16.1.13!crypto ipsec transform-set strong esp-3des esp-md5-hmacmode transport
crypto map vpn 10 ipsec-isakmpset peer 172.16.1.11set transform-set strongmatch address 130crypto map vpn 20 ipsec-isakmp
set peer 172.16.1.12set transform-set strongmatch address 140crypto map vpn 30 ipsec-isakmpset peer 172.16.1.13set transform-set strongmatch address 150
conf tip access-list extended 130permit ip any anyip access-list extended 140permit ip any any
ip access-list extended 150permit ip any any
8/3/2019 GRE Over Ipsec
2/3
router eigrp 60network 192.168.0.0 0.0.255.255auto-summaryno eigrp log-neighbor-changes
=============================Spoke 1==============================
conf tint range fa0/0no shutip address 172.16.1.11 255.255.255.0speed 100duplex full
interface Tunnel0ip address 192.168.1.2 255.255.255.0tunnel source fa0/0tunnel destination 172.16.1.1
crypto isakmp policy 1authentication pre-sharecrypto isakmp key cisco123 address 0.0.0.0no crypto isakmp key cisco123 address 172.16.1.1
!crypto ipsec transform-set strong esp-3des esp-md5-hmacmode transport
crypto map vpn 10 ipsec-isakmpset peer 172.16.1.1
set transform-set strongmatch address 130
ip access-list extended 130permit ip any any
router eigrp 60network 192.168.0.0 0.0.255.255auto-summaryno eigrp log-neighbor-changes
=============================Spoke 2==============================
conf tint fa0/0no shutip address 172.16.1.12 255.255.255.0speed 100duplex full
interface Tunnel0ip address 192.168.2.2 255.255.255.0tunnel source fa0/0tunnel destination 172.16.1.1
crypto isakmp policy 1authentication pre-share
8/3/2019 GRE Over Ipsec
3/3
crypto isakmp key cisco123 address 0.0.0.0no crypto isakmp key cisco123 address 172.16.1.1!crypto ipsec transform-set strong esp-3des esp-md5-hmacmode transport
crypto map vpn 10 ipsec-isakmp
set peer 172.16.1.1set transform-set strongmatch address 130
ip access-list extended 130permit ip any any
router eigrp 60network 192.168.0.0 0.0.255.255auto-summaryno eigrp log-neighbor-changes
=============================Spoke 3==============================
conf tint fa0/0ip address 172.16.1.13 255.255.255.0no shutspeed 100duplex full
interface Tunnel0ip address 192.168.3.2 255.255.255.0tunnel source fa0/0
tunnel destination 172.16.1.1
crypto isakmp policy 1authentication pre-sharecrypto isakmp key cisco123 address 0.0.0.0no crypto isakmp key cisco123 address 172.16.1.1!crypto ipsec transform-set strong esp-3des esp-md5-hmacmode transport
crypto map vpn 10 ipsec-isakmpset peer 172.16.1.1set transform-set strongmatch address 130
ip access-list extended 130permit ip any any
router eigrp 60network 192.168.0.0 0.0.255.255auto-summaryno eigrp log-neighbor-changes
Top Related