139 lines
2.3 KiB
Plaintext
139 lines
2.3 KiB
Plaintext
|
FLexVPN SPOKE-SPOKE
|
||
|
|
Dla R2, R3, R4:
|
||
|
|
|
||
|
|
crypto ikev2 keyring KEYR1
|
||
|
|
peer ANYPEER
|
||
|
|
address 0.0.0.0
|
||
|
|
pre-shared-key local Cisco
|
||
|
|
pre-shared-key remote Cisco
|
||
|
|
|
||
|
|
crypto ikev2 profile Profil1
|
||
|
|
match identity remote address 0.0.0.0 0.0.0.0
|
||
|
|
authentication local pre-share
|
||
|
|
authentication remote pre-share
|
||
|
|
keyring local KEYR1
|
||
|
|
aaa authorization group override psk list AUTHPOLICY1 AUTHPOLICY1
|
||
|
|
|
||
|
|
crypto ipsec transform-set TR1 esp-sha256-hmac esp-aes
|
||
|
|
|
||
|
|
crypto ipsec profile IPprof1
|
||
|
|
set transform-set TR1
|
||
|
|
set ikev2-profile Profil1
|
||
|
|
|
||
|
|
|
||
|
|
aaa new-model
|
||
|
|
aaa authorization network default local
|
||
|
|
|
||
|
|
crypto ikev2 authorization policy AUTHPOLICY1
|
||
|
|
route set interface
|
||
|
|
|
||
|
|
|
||
|
|
#####
|
||
|
|
|
||
|
|
|
||
|
|
Dla wszystkich Spoke (R2, R3, R4):
|
||
|
|
int tun 12
|
||
|
|
ip address negotiated
|
||
|
|
tunnel source g0/1
|
||
|
|
tunnel destination 192.0.2.1
|
||
|
|
tunnel protection ipsec profile IPprof1
|
||
|
|
ip nhrp network-id 1
|
||
|
|
ip nhrp shortcut virtual-template 12
|
||
|
|
|
||
|
|
|
||
|
|
int virtual-template 12 type tunnel
|
||
|
|
ip unnumbered tunnel 12
|
||
|
|
tunnel source g0/1
|
||
|
|
ip nhrp network-id 1
|
||
|
|
ip nhrp shortcut virtual-template 12
|
||
|
|
tunnel protection ipsec profile IPprof1
|
||
|
|
|
||
|
|
|
||
|
|
|
||
|
|
|
||
|
|
#####
|
||
|
|
Koncentrator (R1):
|
||
|
|
|
||
|
|
|
||
|
|
int loopback 3
|
||
|
|
ip add 1.1.1.1 255.255.255.0
|
||
|
|
|
||
|
|
ip local pool PULAIP 1.1.1.2 1.1.1.10
|
||
|
|
|
||
|
|
aaa new-model
|
||
|
|
aaa authorization network default local
|
||
|
|
|
||
|
|
|
||
|
|
crypto ikev2 authorization policy AUTHPOLICY1
|
||
|
|
pool PULAIP
|
||
|
|
route set interface
|
||
|
|
|
||
|
|
|
||
|
|
crypto ikev2 keyring KEYR1
|
||
|
|
peer ANYPEER
|
||
|
|
address 0.0.0.0
|
||
|
|
pre-shared-key local Cisco
|
||
|
|
pre-shared-key remote Cisco
|
||
|
|
|
||
|
|
crypto ikev2 profile Profil1
|
||
|
|
match identity remote address 0.0.0.0 0.0.0.0
|
||
|
|
authentication local pre-share
|
||
|
|
authentication remote pre-share
|
||
|
|
keyring local KEYR1
|
||
|
|
virtual-template 1
|
||
|
|
aaa authorization group override psk list AUTHPOLICY1 AUTHPOLICY1
|
||
|
|
|
||
|
|
crypto ipsec transform-set TR1 esp-sha256-hmac esp-aes
|
||
|
|
|
||
|
|
crypto ipsec profile IPprof1
|
||
|
|
set transform-set TR1
|
||
|
|
set ikev2-profile Profil1
|
||
|
|
|
||
|
|
|
||
|
|
|
||
|
|
interface virtual-template 1 type tunnel
|
||
|
|
tunnel source g0/1
|
||
|
|
ip unnumbered loopback 3
|
||
|
|
tunnel protection ipsec profile IPprof1
|
||
|
|
ip nhrp network-id 1
|
||
|
|
ip nhrp redirect
|
||
|
|
|
||
|
|
|
||
|
|
|
||
|
|
|
||
|
|
|
||
|
|
|
||
|
|
####
|
||
|
|
Dla R1:
|
||
|
|
router eigrp 1
|
||
|
|
network 1.1.1.0 0.0.0.255
|
||
|
|
|
||
|
|
Dla R2:
|
||
|
|
router eigrp 1
|
||
|
|
network 1.1.1.0 0.0.0.255
|
||
|
|
network 172.16.2.0 0.0.0.255
|
||
|
|
network 192.168.2.0 0.0.0.255
|
||
|
|
|
||
|
|
Dla R3:
|
||
|
|
router eigrp 1
|
||
|
|
network 1.1.1.0 0.0.0.255
|
||
|
|
network 172.16.3.0 0.0.0.255
|
||
|
|
network 192.168.3.0 0.0.0.255
|
||
|
|
|
||
|
|
Dla R4:
|
||
|
|
router eigrp 1
|
||
|
|
network 1.1.1.0 0.0.0.255
|
||
|
|
network 172.16.4.0 0.0.0.255
|
||
|
|
network 192.168.4.0 0.0.0.255
|
||
|
|
|
||
|
|
|
||
|
|
|
||
|
|
|
||
|
|
|
||
|
|
|
||
|
|
|
||
|
|
|
||
|
|
|
||
|
|
|
||
|
|
|