{"id":984,"date":"2021-10-11T21:02:50","date_gmt":"2021-10-12T04:02:50","guid":{"rendered":"https:\/\/www.xh86.me\/?p=984"},"modified":"2021-10-11T21:02:50","modified_gmt":"2021-10-12T04:02:50","slug":"%e6%80%9d%e7%a7%91%e8%b7%af%e7%94%b1%e5%99%a8dmvpn%e9%85%8d%e7%bd%ae","status":"publish","type":"post","link":"https:\/\/www.xh86.me\/?p=984","title":{"rendered":"\u601d\u79d1\u8def\u7531\u5668DMvpn\u914d\u7f6e"},"content":{"rendered":"

\u62d3\u6251\uff1a<\/h3>\n

\"\"<\/div><\/p>\n

R1\uff1a<\/p>\n

\n
\n
crypto isakmp policy 10\r\n encr aes 256\r\n authentication pre-share\r\n group 5\r\n lifetime 3600\r\ncrypto isakmp key 6 CCIE address 0.0.0.0\r\n!\u914d\u7f6e\u7b56\u7565\u548c\u8ba4\u8bc1\r\n!\r\ncrypto ipsec transform-set MYSET esp-aes 256 esp-sha-hmac\r\n mode transport\r\n!\u914d\u7f6e\u4f20\u8f93\u7ec4\u548c\u5c01\u88c5\u65b9\u6cd5\u4ee5\u53ca\u8fd0\u884c\u6a21\u5f0f\uff08\u4f20\u8f93\u6a21\u5f0f\uff09\r\ncrypto ipsec profile MYPRO\r\n set transform-set MYSET\r\n!\u914d\u7f6eIPSec\u4fdd\u62a4\u6587\u4ef6\u5e76\u5e94\u7528\u4f20\u8f93\u7ec4\r\n!\r\n!\r\n!\r\n!\r\n!\r\n!\r\ninterface Tunnel0\r\n ip address 10.0.0.1 255.255.255.0 #\u914d\u7f6etun 0\u7684\u5730\u5740\r\n no ip redirects\r\n ip nhrp map multicast dynamic #\u8bbe\u7f6enhrp\u7684\u6620\u5c04\u8868\u4e3a\u52a8\u6001\u5b66\u4e60\r\n ip nhrp network-id 10 #\u8bbe\u7f6enhrp\u7684\u7ec4\u53f7\uff08\u548c\u6240\u6709spoke\u7684\u7ec4\u53f7\u76f8\u540c\uff09\r\n ip nhrp redirect #\u91cd\u5b9a\u5411spoke\u4e4b\u95f4\u7684\u8def\u7531\r\n ip ospf network point-to-multipoint #\u8bbe\u7f6e\u96a7\u9053\u95f4\u7684ospf\u7f51\u7edc\u4e3a\u70b9\u5230\u591a\u70b9\uff08\u9ed8\u8ba4\u4e3a\u70b9\u5230\u70b9\uff09\r\n tunnel source Ethernet0\/0 #\u8bbe\u7f6etun 0\u7684\u6e90\u7aef\u53e3\r\n tunnel mode gre multipoint #\u8bbe\u7f6egre\u4e3a\u591a\u70b9\r\n tunnel protection ipsec profile MYPRO #\u5e94\u7528IPSec\u4fdd\u62a4\u6587\u4ef6\u5230tun 0\r\n!\r\ninterface Ethernet0\/0\r\n ip address 202.0.14.1 255.255.255.0\r\n ip nat outside\r\n ip virtual-reassembly in\r\n!\r\ninterface Ethernet0\/1\r\n ip address 192.168.1.254 255.255.255.0\r\n ip nat inside\r\n ip virtual-reassembly in\r\n!\r\ninterface Ethernet0\/2\r\n no ip address\r\n shutdown\r\n!\r\ninterface Ethernet0\/3\r\n no ip address\r\n shutdown\r\n!\r\nrouter ospf 1\r\n network 10.0.0.1 0.0.0.0 area 0\r\n network 192.168.1.254 0.0.0.0 area 0\r\n!\r\nip forward-protocol nd\r\n!\r\n!\r\nno ip http server\r\nno ip http secure-server\r\nip nat inside source list 99 interface Ethernet0\/0 overload\r\nip route 0.0.0.0 0.0.0.0 202.0.14.4\r\n!\r\n!\r\n!\r\naccess-list 99 permit 192.168.1.0 0.0.0.255\r\n!\r\n<\/pre>\n<\/div>\n<\/div>\n
R2\uff1a<\/p>\n
\n
\n
crypto isakmp policy 10\r\n encr aes 256\r\n authentication pre-share\r\n group 5\r\n lifetime 3600\r\ncrypto isakmp key 6 CCIE address 0.0.0.0\r\n!\r\n!\r\ncrypto ipsec transform-set MYSET esp-aes 256 esp-sha-hmac\r\n mode transport\r\n!\r\ncrypto ipsec profile MYPRO\r\n set transform-set MYSET\r\n!\r\n!\r\n!\r\n!\r\n!\r\n!\r\n!\r\ninterface Tunnel0\r\n ip address 10.0.0.2 255.255.255.0\r\n no ip redirects\r\n ip nhrp map 10.0.0.1 202.0.14.1 #\u9759\u6001\u7ed1\u5b9ahub\u7684\u6620\u5c04\u8868\r\n ip nhrp map multicast 202.0.14.1 #\u5c06\u5230hub\u7684\u7ec4\u64ad\u8f6c\u6362\u4e3a\u76ee\u7684\u5730\u5740\u4e3ahub\u516c\u7f51\u5730\u5740\u7684\u5355\u64ad\r\n ip nhrp network-id 10\r\n ip nhrp nhs 10.0.0.1 #\u8bbe\u7f6enhrp\u7684\u6ce8\u518c\u5730\u5740\u4e3ahub\u7684\u96a7\u9053\u5730\u5740\r\n ip nhrp shortcut #\u8bbe\u7f6e\u6377\u5f84\u6a21\u5f0f\uff08\u53bb\u5f80\u5176\u4ed6spoke\u7684\u6d41\u91cf\u8d70\u76f4\u8fde\uff09\r\n ip ospf network point-to-multipoint\r\n tunnel source Ethernet0\/0\r\n tunnel mode gre multipoint\r\n tunnel protection ipsec profile MYPRO\r\n!\r\ninterface Ethernet0\/0\r\n ip address 202.0.25.2 255.255.255.0\r\n ip nat outside\r\n ip virtual-reassembly in\r\n!\r\ninterface Ethernet0\/1\r\n ip address 192.168.2.254 255.255.255.0\r\n ip nat inside\r\n ip virtual-reassembly in\r\n!\r\ninterface Ethernet0\/2\r\n no ip address\r\n shutdown\r\n!\r\ninterface Ethernet0\/3\r\n no ip address\r\n shutdown\r\n!\r\nrouter ospf 1\r\n network 10.0.0.2 0.0.0.0 area 0\r\n network 192.168.2.254 0.0.0.0 area 0\r\n!\r\nip forward-protocol nd\r\n!\r\n!\r\nno ip http server\r\nno ip http secure-server\r\nip nat inside source list 99 interface Ethernet0\/0 overload\r\nip route 0.0.0.0 0.0.0.0 202.0.25.5\r\n!\r\n!\r\n!\r\naccess-list 99 permit 192.168.2.0 0.0.0.255\r\n<\/pre>\n<\/div>\n<\/div>\n
R3\uff1a<\/p>\n
\n
\n
crypto isakmp policy 10\r\n encr aes 256\r\n authentication pre-share\r\n group 5\r\n lifetime 3600\r\ncrypto isakmp key 6 CCIE address 0.0.0.0\r\n!\r\n!\r\ncrypto ipsec transform-set MYSET esp-aes 256 esp-sha-hmac\r\n mode transport\r\n!\r\ncrypto ipsec profile MYPRO\r\n set transform-set MYSET\r\n!\r\n!\r\n!\r\n!\r\n!\r\n!\r\n!\r\ninterface Tunnel0\r\n ip address 10.0.0.3 255.255.255.0\r\n no ip redirects\r\n ip nhrp map 10.0.0.1 202.0.14.1\r\n ip nhrp map multicast 202.0.14.1\r\n ip nhrp network-id 10\r\n ip nhrp nhs 10.0.0.1\r\n ip nhrp shortcut\r\n ip ospf network point-to-multipoint\r\n tunnel source Ethernet0\/0\r\n tunnel mode gre multipoint\r\n tunnel protection ipsec profile MYPRO\r\n!\r\ninterface Ethernet0\/0\r\n ip address 202.0.36.3 255.255.255.0\r\n ip nat outside\r\n ip virtual-reassembly in\r\n!\r\ninterface Ethernet0\/1\r\n ip address 192.168.3.254 255.255.255.0\r\n ip nat inside\r\n ip virtual-reassembly in\r\n!\r\ninterface Ethernet0\/2\r\n no ip address\r\n shutdown\r\n!\r\ninterface Ethernet0\/3\r\n no ip address\r\n shutdown\r\n!\r\nrouter ospf 1\r\n network 10.0.0.3 0.0.0.0 area 0\r\n network 192.168.3.254 0.0.0.0 area 0\r\n!\r\nip forward-protocol nd\r\n!\r\n!\r\nno ip http server\r\nno ip http secure-server\r\nip nat inside source list 99 interface Ethernet0\/0 overload\r\nip route 0.0.0.0 0.0.0.0 202.0.36.6\r\n!\r\n!\r\n!\r\naccess-list 99 permit 192.168.3.0 0.0.0.255<\/pre>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"
\u62d3\u6251\uff1a R1\uff1a crypto isakmp policy 10 encr aes 256 authentica […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[8],"tags":[],"class_list":["post-984","post","type-post","status-publish","format-standard","hentry","category-cisco"],"_links":{"self":[{"href":"https:\/\/www.xh86.me\/index.php?rest_route=\/wp\/v2\/posts\/984","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.xh86.me\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.xh86.me\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.xh86.me\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.xh86.me\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=984"}],"version-history":[{"count":1,"href":"https:\/\/www.xh86.me\/index.php?rest_route=\/wp\/v2\/posts\/984\/revisions"}],"predecessor-version":[{"id":985,"href":"https:\/\/www.xh86.me\/index.php?rest_route=\/wp\/v2\/posts\/984\/revisions\/985"}],"wp:attachment":[{"href":"https:\/\/www.xh86.me\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=984"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.xh86.me\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=984"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.xh86.me\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=984"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}