
This is a post in a series of “stream-of-study” content where I post loosely-structured notes taken while labbing various scenarios and technologies.
!-----------------!
! DMVPN Phase I !
!-----------------!
! Hub (R1) !
!-----------------!
!
!
cry isakmp policy 5
hash sha256
authen pre-share
group 19
encry aes 256
!
! Wildcard PSK: address 0.0.0.0 matches any peer, so every router holding this key is accepted
cry isakmp key P@ssw0rd! address 0.0.0.0
!
! esp-sha-hmac is HMAC-SHA-1 for ESP integrity; the ISAKMP policy above uses SHA-256
cry ipsec transform-set DMVPN-TFS esp-aes 256 esp-sha-hmac
mode transport
!
cry ipsec profile DMVPN-IPSec
set transform-set DMVPN-TFS
!
int tu1
ip add 192.168.1.1 255.255.255.0
tunnel source 192.1.10.1
tunnel mode gre multipoint
ip nhrp network-id 1
ip nhrp map multicast dynamic
tunnel protection ipsec profile DMVPN-IPSec
!
router eigrp 100
network 192.168.1.0 0.0.0.255
network 10.0.0.0
network 172.16.0.0
!
! Let the hub re-advertise spoke routes back out the same tunnel interface
int tu1
no ip split-horizon eigrp 100
!
!
!--------------------!
! Spokes (R2-R4) !
!--------------------!
!
cry isakmp policy 5
hash sha256
authen pre-share
group 19
encry aes 256
!
cry isakmp key P@ssw0rd! address 0.0.0.0
!
cry ipsec transform-set DMVPN-TFS esp-aes 256 esp-sha-hmac
mode transport
!
cry ipsec profile DMVPN-IPSec
set transform-set DMVPN-TFS
!
int tu1
ip add 192.168.1.x 255.255.255.0
tunnel source eth0/0
tunnel mode gre multipoint
ip nhrp network-id 1
ip nhrp map multicast 192.1.10.1
ip nhrp map 192.168.1.1 192.1.10.1
ip nhrp nhs 192.168.1.1
tunnel protection ipsec profile DMVPN-IPSec
!
router eigrp 100
network 192.168.1.0 0.0.0.255
network 10.0.0.0
network 172.16.0.0
!
!
!-----------------!
! Phase II !
!-----------------!
! Hub (R1) !
!-----------------!
!
! Hub leaves the advertising spoke as the EIGRP next hop, so spokes resolve each other via NHRP
int tu1
no ip next-hop-self eigrp 100
!
!-----------------!
! Phase III !
!-----------------!
! Hub (R1) !
!-----------------!
!
! Hub is the next hop again; the NHRP redirect tells the sending spoke a direct path exists
int tu1
ip next-hop-self eigrp 100
ip nhrp redirect
!ip summary-address eigrp 100 172.16.0.0/16
!
!---------------------!
! Spokes (R2-R4) !
!---------------------!
!
! Spokes install the NHRP shortcut learned after a hub redirect
int tu1
ip nhrp shortcut
!
!
!--------------------------------!
! Adding a secondary Hub (R5) !
!--------------------------------!
!
!-----------------!
! Hub 2 (R5) !
!-----------------!
!
cry isakmp policy 5
hash sha256
authen pre-share
group 19
encry aes 256
!
cry isakmp key P@ssw0rd! address 0.0.0.0
!
cry ipsec transform-set DMVPN-TFS esp-aes 256 esp-sha-hmac
mode transport
!
cry ipsec profile DMVPN-IPSec
set transform-set DMVPN-TFS
!
int tu1
ip add 192.168.1.6 255.255.255.0
tunnel source 192.1.50.5
tunnel mode gre multipoint
ip nhrp network-id 1
ip nhrp map multicast dynamic
ip nhrp map multicast 192.1.10.1
ip nhrp map 192.168.1.1 192.1.10.1
ip nhrp redirect
tunnel protection ipsec profile DMVPN-IPSec
!
router eigrp 100
network 192.168.1.0 0.0.0.255
network 10.0.0.0
network 172.16.0.0
!
int tu1
no ip split-horizon eigrp 100
!ip summary-address eigrp 100 172.16.0.0/16
!
!----------------------------!
! R1 (Original Hub) !
!----------------------------!
!
int tu1
ip nhrp map 192.168.1.6 192.1.50.5
ip nhrp map multicast 192.1.50.5
!
!---------------------!
! Spokes (R2-R4) !
!---------------------!
!
int tu1
ip nhrp map multicast 192.1.50.5
ip nhrp map 192.168.1.6 192.1.50.5
ip nhrp nhs 192.168.1.6
!
!
!-----------------------------!
! Verifications !
!-----------------------------!
!
show ip nhrp
show ip nhrp shortcut
show ip route
show ip cef
show adjacency
show ip eigrp ne
show cry isakmp sa [detail]
show cry ipsec sa [detail]
