Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
A
A
Alexander2014-07-10 19:28:00
VPN
Alexander, 2014-07-10 19:28:00

How to reserve a DMVPN?

Hello, there is a task to reserve DNVPN using the second ISP. The central office is located in the city of Stavropol and two branches in Moscow and St. Petersburg. The central router of Stavropol is the Hub and the Spoke branches.
d15995593c33dc75035244ac89cf85e5.jpg
Now everything is configured through one ISP (ISP1), but the boss decided to make a reservation and connected the second channel (ISP2).
As I understand it, it is necessary to raise one tunnel in the branches and one more Hub on the central one.
The question is how to connect all this with IP SLA and OSPF? And how to configure the Hub correctly?
HUB config!
Building configuration...
Current configuration : 1731 bytes
!
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Stav
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!
clock timezone CET 1 0
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip auth-proxy max-login-attempts 5
ip admission max-login-attempts 5
!
!
!
!
!
no ip domain lookup
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
crypto pki token default removal timeout 0
!
!
!
redundancy
!
!
!
!
!
!
!
crypto isakmp policy 1
authentication pre-share
crypto isakmp key DMVPNpass address 0.0.0.0
!
!
crypto ipsec transform-set AES128-SHA esp-aes esp-sha-hmac
mode transport
!
crypto ipsec profile DMVPN-P
set transform-set AES128-SHA
!
!
!
!
!
!
!
interface Tunnel0
ip address 192.168.1.1 255.255.255.0
no ip redirects
ip nhrp map multicast dynamic
ip nhrp network-id 1
ip ospf network broadcast
ip ospf priority 100
tunnel source Ethernet0/0
tunnel mode gre multipoint
tunnel protection ipsec profile DMVPN-P
!
interface Ethernet0/0
ip address 30.30.30.2 255.255.255.0
!
interface Ethernet0/1
ip address 40.40.40.2 255.255.255.0
!
interface Ethernet0/2
ip address 172.16.32.1 255.255.252.0
!
interface Ethernet0/3
no ip address
shutdown
!
router ospf 1
network 172.16.32.0 0.0.3.255 area 0
network 192.168.1.0 0.0.0.255 area 0
network 192.168.2.0 0.0.0.255 area 0
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 30.30.30.1 10
ip route 0.0.0.0 0.0.0.0 40.40.40.1 50
!
!
!
!
control-plane
!
!
!
!
!
!
!
line con 0
logging synchronous
line aux 0
line vty 0 4
exec-timeout 0 0
login
transport input all
!
!
end

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

2 answer(s)
Report
D
Den A, 2014-07-11
@ALEXLEMUR

Good afternoon,
Pay attention to the documentation, it is very detailed with examples.
Translated: Dynamic Multipoint VPNs ...
Original: Dynamic Multipoint IPsec VPNs (Using Multipoint GR...

Report
A
Alexander, 2014-07-14
@ALEXLEMUR

Thanks I'm studying! Is there any other reference and documentation on IP SLA?

Similar questions
G
Gregory2018-08-08 18:17:29
How to organize a VPN for remote employees without routing unnecessary traffic? 6Reply
@
@antoo2018-08-08 21:52:39
Mikrotik + VPN/iptables: how to forward a port to an external IP? 2Reply
E
Eugene2016-03-21 11:23:27
How to set up routing so that part of the traffic uses a vpn connection? 2Reply
I
imwode2014-01-04 08:02:36
How can I bypass geo-blocking and look like a user from the Russian Federation, while being in another country? 3Reply
P
Pavel2020-07-31 22:40:52
Mikrotik L2TP/IPSEC and Windows client what's the problem? 4Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question