Welcome to my online gallery. I hope you have as much fun looking at my paintings as I had making them. Enjoy and thanks for visiting! [This site is best viewed witha a 1024x768 resolution]

Sunday, June 24, 2012

DMVPN OVER MPLS

[COMPANY HQ]
!
! Last configuration change at 19:50:50 UTC Tue Jun 19 2012
upgrade fpd auto
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Company_HQ
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!
ip source-route
ip cef
!
!
!
!
!
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
crypto pki token default removal timeout 0
!
!
!
redundancy
!
!
!
!
crypto isakmp policy 10
 encr aes
 authentication pre-share
 group 2
crypto isakmp key cisco123 address 0.0.0.0 0.0.0.0
!
!
crypto ipsec transform-set MYSET esp-aes esp-sha-hmac
!
crypto ipsec profile MY_PROF
 set transform-set MYSET
!
!
!
!
!
!
!
interface Tunnel0
 bandwidth 1000
 ip address 192.168.1.1 255.255.255.0
 no ip redirects
 ip mtu 1400
 no ip next-hop-self eigrp 1
 ip nhrp authentication cisco123
 ip nhrp map multicast dynamic
 ip nhrp network-id 5
 ip tcp adjust-mss 1360
 no ip split-horizon eigrp 1
 tunnel source FastEthernet1/0
 tunnel mode gre multipoint
 tunnel key 6
 tunnel protection ipsec profile MY_PROF
!
interface FastEthernet0/0
 no ip address
 duplex half
!
interface FastEthernet1/0
 ip address 10.10.10.2 255.255.255.252
 duplex auto
 speed auto
!
interface FastEthernet1/1
 ip address 10.0.1.1 255.255.255.0
 duplex auto
 speed auto
!
!
router eigrp 1
 network 192.168.1.0
!
router bgp 100
 bgp log-neighbor-changes
 neighbor 10.10.10.1 remote-as 65000
 neighbor 10.10.10.1 soft-reconfiguration inbound
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
!
logging esm config
!
!
!
!
!
!
control-plane
!
!
!
mgcp profile default
!
!
!
gatekeeper
 shutdown
!
!
line con 0
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
 login
 transport input all
!
end
=============================
[BRANCH 1]
!
!
! Last configuration change at 20:01:37 GMT Tue Jun 19 2012
upgrade fpd auto
version 15.1
service timestamps debug datetime msec localtime
service timestamps log datetime localtime
service password-encryption
!
hostname Branch1
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!
clock timezone GMT 0 0
no ip source-route
ip cef
!
!
no ip bootp server
no ip domain lookup
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
crypto pki token default removal timeout 0
!
!
!
redundancy
!
!
!
!
crypto isakmp policy 10
 encr aes
 authentication pre-share
 group 2
crypto isakmp key cisco123 address 0.0.0.0 0.0.0.0
!
!
crypto ipsec transform-set MYSET esp-aes esp-sha-hmac
!
crypto ipsec profile MY_PROF
 set transform-set MYSET
!
!
!
!
!
!
!
interface Tunnel0
 bandwidth 1000
 ip address 192.168.1.10 255.255.255.0
 no ip redirects
 ip mtu 1400
 ip nhrp authentication cisco123
 ip nhrp map multicast 10.10.10.2
 ip nhrp map 192.168.1.1 10.10.10.2
 ip nhrp network-id 5
 ip nhrp nhs 192.168.1.1
 ip tcp adjust-mss 1360
 tunnel source FastEthernet1/0
 tunnel mode gre multipoint
 tunnel key 6
 tunnel protection ipsec profile MY_PROF
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex half
!
interface FastEthernet1/0
 ip address 20.10.10.2 255.255.255.252
 duplex full
 speed 100
 no cdp enable
!
interface FastEthernet1/1
 ip address 172.16.20.1 255.255.255.0
 duplex auto
 speed auto
!
!
router eigrp 1
 network 172.16.20.0 0.0.0.255
 network 192.168.1.0
!
router bgp 200
 bgp log-neighbor-changes
 neighbor 20.10.10.1 remote-as 65000
 neighbor 20.10.10.1 soft-reconfiguration inbound
!
no ip forward-protocol nd
no ip forward-protocol udp tftp
no ip forward-protocol udp nameserver
no ip forward-protocol udp domain
no ip forward-protocol udp time
no ip forward-protocol udp netbios-ns
no ip forward-protocol udp netbios-dgm
no ip forward-protocol udp tacacs
no ip http server
no ip http secure-server
!
!
!
logging esm config
no cdp run
!
!
!
!
route-map static-bgp deny 10
 match tag 999
!
route-map static-bgp permit 20
!
!
!
control-plane
!
!
!
mgcp profile default
!
!
!
gatekeeper
 shutdown
!
!
line con 0
 exec-timeout 0 0
 logging synchronous
 stopbits 1
line aux 0
 exec-timeout 30 0
 logging synchronous
 stopbits 1
line vty 0 4
 exec-timeout 0 0
 logging synchronous
 login
 transport input all
!
end
======================
[BRANCH2]
!
!
! Last configuration change at 19:55:56 GMT Tue Jun 19 2012
upgrade fpd auto
version 15.1
service timestamps debug datetime msec localtime
service timestamps log datetime localtime
service password-encryption
!
hostname Branch3
!
boot-start-marker
boot-end-marker
!
!
logging buffered 4096
!
no aaa new-model
!
clock timezone GMT 0 0
no ip source-route
ip cef
!
!
!
!
!
no ip bootp server
no ip domain lookup
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
crypto pki token default removal timeout 0
!
!
!
redundancy
!
!
!
!
crypto isakmp policy 10
 encr aes
 authentication pre-share
 group 2
crypto isakmp key cisco123 address 0.0.0.0 0.0.0.0
!
!
crypto ipsec transform-set MYSET esp-aes esp-sha-hmac
!
crypto ipsec profile MY_PROF
 set transform-set MYSET
!
!
!
!
!
!
!
interface Tunnel0
 bandwidth 1000
 ip address 192.168.1.3 255.255.255.0
 no ip redirects
 ip mtu 1400
 ip nhrp authentication cisco123
 ip nhrp map 192.168.1.1 10.10.10.2
 ip nhrp map multicast 10.10.10.2
 ip nhrp network-id 5
 ip nhrp nhs 192.168.1.1
 ip tcp adjust-mss 1360
 tunnel source FastEthernet1/0
 tunnel mode gre multipoint
 tunnel key 6
 tunnel protection ipsec profile MY_PROF
!
interface FastEthernet0/0
 no ip address
 duplex half
!
interface FastEthernet1/0
 ip address 30.10.10.2 255.255.255.252
 duplex full
 speed auto
!
interface FastEthernet1/1
 ip address 172.16.30.1 255.255.255.0
 duplex auto
 speed auto
!
!
router eigrp 1
 network 172.16.30.0 0.0.0.255
 network 192.168.1.0
!
router bgp 300
 bgp log-neighbor-changes
 neighbor 30.10.10.1 remote-as 65000
 neighbor 30.10.10.1 soft-reconfiguration inbound
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
logging esm config
!
!
!
!
route-map BGP-2-EIGRP deny 10
 match tag 404
!
route-map BGP-2-EIGRP permit 20
 set tag 404
!
route-map static-bgp deny 10
 match tag 999
!
route-map static-bgp permit 20
!
!
!
control-plane
!
!
!
mgcp profile default
!
!
!
gatekeeper
 shutdown
!
line con 0
 exec-timeout 0 0
 logging synchronous
 stopbits 1
line aux 0
 exec-timeout 30 0
 logging synchronous
 stopbits 1
line vty 0 4
 exec-timeout 0 0
 logging synchronous
 login
 transport input telnet
!
end

No comments: