DMVPN with EIGRP

hostname VPN-Router-1
!
!
!
crypto keyring DMVPN-KEYRING vrf INET-PUBLIC-ONE
pre-shared-key address 0.0.0.0 0.0.0.0 key cisco101
!
crypto keyring DMVPN-KEYRING vrf INET-PUBLIC-TWO
pre-shared-key address 0.0.0.0 0.0.0.0 key cisco202
!
!
!
crypto isakmp policy 10
encr aes 256
hash sha
authentication pre-share
group 2
!
!
!
crypto isakmp profile ISAKMP-INET-PUBLIC-PROF-1
keyring DMVPN-KEYRING-ONE
match identity address 0.0.0.0 INET-PUBLIC-ONE
!
crypto isakmp profile ISAKMP-INET-PUBLIC-PROF-2
keyring DMVPN-KEYRING-TWO
match identity address 0.0.0.0 INET-PUB-TWO
!
!
!
crypto ipsec transform-set AES256/SHA/TRANSPORT esp-aes 256
esp-sha-hmac
mode transport (used for devices behind a NAT)
!
!
!
crypto ipsec profile DMVPN-PROFILE-ONE
set transform-set AES256/SHA/TRANSPORT
set isakmp-profile FVRF-ISAKMP-INET-PUBLIC
!
crypto ipsec profile DMVPN-PROFILE-TWO
set transform-set AES256/SHA/TRANSPORT
set isakmp-profile ISAKMP-INET-PUBLIC-TWO
!
!
!
interface Tunnel11
bandwidth 10000 (available bandwidth)
ip address 10.11.11.1 255.255.255.0
tunnel source GigabitEthernet0/0
tunnel mode gre multipoint
tunnel vrf INET-PUBLIC
tunnel protection ipsec profile DMVPN-PROFILE-ONE
ip nhrp authentication cisco111
ip nhrp map multicast dynamic
ip nhrp network-id 101
ip nhrp holdtime 600
ip nhrp redirect
no ip redirects
ip mtu 1400
ip tcp adjust-mss 1360
ip hello-interval eigrp 100 20
ip hold-time eigrp 100 60
no ip split-horizon eigrp 100
!
interface Tunnel12
bandwidth 10000 (available bandwidth)
ip address 10.12.12.1 255.255.255.0
tunnel source GigabitEthernet0/0
tunnel mode gre multipoint
tunnel vrf INET-PUBLIC
tunnel protection ipsec profile DMVPN-PROFILE-TWO
ip nhrp authentication cisco222
ip nhrp map multicast dynamic
ip nhrp network-id 101
ip nhrp holdtime 600
ip nhrp redirect
no ip redirects
ip mtu 1400
ip tcp adjust-mss 1360
ip hello-interval eigrp 200 20
ip hold-time eigrp 200 60
no ip split-horizon eigrp 200
!
!
!
router eigrp 101
network 10.11.11.0 0.0.0.255
passive-interface default
no passive-interface Tunnel11
eigrp router-id 10.11.11.1
!
!
!
router eigrp 101
redistribute eigrp [EIGRP AS] route-map SET-ROUTE-TAG-DMVPN
!
!
!
router eigrp 100]
redistribute eigrp 100
!
!
!
route-map SET-ROUTE-TAG-DMVPN permit 10
match interface Tunnel10
set tag DMVPN-EXTERNAL
no auto-summary
!
!
!

 

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s