Scribd
Upload
113 views5 pages

EIGRP and IPSec Configuration Guide

The document describes the configuration of a hub and three spoke devices in a hub-and-spoke VPN topology. Interface and tunnel configurations are shown for the hub with IP addresses on VLANs 192.168.1.0/24, 192.168.2.0/24, 192.168.3.0/24 and 192.168.4.0/24. Each spoke has a similar configuration with a tunnel to the hub and routes to reach the other VLANs through the hub. IPSec is configured with pre-shared keys for encryption between all devices.

Uploaded by

sinkee
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
113 views5 pages

EIGRP and IPSec Configuration Guide

The document describes the configuration of a hub and three spoke devices in a hub-and-spoke VPN topology. Interface and tunnel configurations are shown for the hub with IP addresses on VLANs 192.168.1.0/24, 192.168.2.0/24, 192.168.3.0/24 and 192.168.4.0/24. Each spoke has a similar configuration with a tunnel to the hub and routes to reach the other VLANs through the hub. IPSec is configured with pre-shared keys for encryption between all devices.

Uploaded by

sinkee
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd

internet

interface fa0/0
ip address 192.168.1.2 255.255.255.0
duplex full
no shut
exit
interface e1/0
ip address 192.168.2.2 255.255.255.0
duplex full
no shut
exit
interface e1/1
ip address 192.168.3.2 255.255.255.0
duplex full
no shut
exit
interface e1/2
ip address 192.168.4.2 255.255.255.0
duplex full
no shut
exit

HUB
interface fa0/0
ip address 192.168.1.1 255.255.255.0
duplex full
no shut
exit
interface Loopback0
ip address 1.1.1.1 255.255.255.255
exit
interface Tunnel0
ip address 172.16.1.1 255.255.255.0
no ip redirects
no ip next-hop-self eigrp 1
no ip split-horizon eigrp 1
ip nhrp map multicast dynamic
ip nhrp network-id 1
ip nhrp redirect
tunnel source fa0/0
tunnel mode gre multipoint
ip nhrp authentication pass
tunnel protection ipsec profile IPSEC_ZASTITA
exit
ip route 192.168.2.0 255.255.255.0 192.168.1.2
ip route 192.168.3.0 255.255.255.0 192.168.1.2
ip route 192.168.4.0 255.255.255.0 192.168.1.2

router eigrp 1
network 1.1.1.1 0.0.0.0
network 192.168.0.0
network 172.16.0.0
no auto-summary
exit
crypto isakmp policy 1
encr aes
authentication pre-share
group 14
crypto isakmp key Lozinka123 address 0.0.0.0
crypto ipsec transform-set AES-SHA esp-aes esp-sha-hmac
mode tunnel
crypto ipsec profile IPSEC_ZASTITA
set transform-set AES-SHA
exit

Spoke1
interface Loopback0
ip address 2.2.2.2 255.255.255.255
exit
interface fa0/0
ip address 192.168.2.1 255.255.255.0
duplex full
no shut
exit
interface Tunnel0
ip address 172.16.1.2 255.255.255.0
no ip redirects
no ip next-hop-self eigrp 1
no ip split-horizon eigrp 1
ip nhrp map 172.16.1.1 192.168.1.1
ip nhrp map multicast 192.168.1.1
ip nhrp network-id 1
ip nhrp nhs 172.16.1.1
ip nhrp shortcut
tunnel source fa0/0
tunnel mode gre multipoint
ip nhrp authentication pass
tunnel protection ipsec profile IPSEC_ZASTITA
exit
ip route 192.168.1.0 255.255.255.0 192.168.2.2
ip route 192.168.3.0 255.255.255.0 192.168.2.2
ip route 192.168.4.0 255.255.255.0 192.168.2.2

router eigrp 1

network 2.2.2.2 0.0.0.0


network 192.168.0.0
network 172.16.0.0
no auto-summary

crypto isakmp policy 1


encr aes
authentication pre-share
group 14
crypto isakmp key Lozinka123 address 0.0.0.0
crypto ipsec transform-set AES-SHA esp-aes esp-sha-hmac
mode tunnel
crypto ipsec profile IPSEC_ZASTITA
set transform-set AES-SHA
exit

spoke 2
interface Loopback0
ip address 3.3.3.3 255.255.255.255
no shut
exit
interface fa0/0
ip address 192.168.3.1 255.255.255.0
duplex full
no shut
exit
interface Tunnel0
ip address 172.16.1.3 255.255.255.0
no ip redirects
no ip next-hop-self eigrp 1
no ip split-horizon eigrp 1
ip nhrp map 172.16.1.1 192.168.1.1
ip nhrp map multicast 192.168.1.1
ip nhrp network-id 1
ip nhrp nhs 172.16.1.1
ip nhrp shortcut
tunnel source fa0/0
tunnel mode gre multipoint
ip nhrp authentication pass
tunnel protection ipsec profile IPSEC_ZASTITA
exit

ip route 192.168.1.0 255.255.255.0 192.168.3.2


ip route 192.168.2.0 255.255.255.0 192.168.3.2
ip route 192.168.4.0 255.255.255.0 192.168.3.2

router eigrp 1
network 3.3.3.3 0.0.0.0
network 192.168.0.0
network 172.16.0.0
no auto-summary
exit
crypto isakmp policy 1
encr aes
authentication pre-share
group 14
crypto isakmp key Lozinka123 address 0.0.0.0
crypto ipsec transform-set AES-SHA esp-aes esp-sha-hmac
mode tunnel
crypto ipsec profile IPSEC_ZASTITA
set transform-set AES-SHA
exit

spoke 3
interface Loopback0
ip address 4.4.4.4 255.255.255.255
no shut
exit
interface fa0/0
ip address 192.168.4.1 255.255.255.0
duplex full
no shut
exit
interface Tunnel0
ip address 172.16.1.4 255.255.255.0
no ip redirects
no ip next-hop-self eigrp 1
no ip split-horizon eigrp 1
ip nhrp map 172.16.1.1 192.168.1.1
ip nhrp map multicast 192.168.1.1
ip nhrp network-id 1
ip nhrp nhs 172.16.1.1
ip nhrp shortcut
tunnel source fa0/0
tunnel mode gre multipoint
ip nhrp authentication pass
tunnel protection ipsec profile IPSEC_ZASTITA
exit

ip route 192.168.1.0 255.255.255.0 192.168.4.2


ip route 192.168.2.0 255.255.255.0 192.168.4.2
ip route 192.168.3.0 255.255.255.0 192.168.4.2

router eigrp 1
network 4.4.4.4 0.0.0.0
network 192.168.0.0
network 172.16.0.0
no auto-summary
exit
crypto isakmp policy 1
encr aes
authentication pre-share
group 14
crypto isakmp key Lozinka123 address 0.0.0.0
crypto ipsec transform-set AES-SHA esp-aes esp-sha-hmac
mode tunnel
crypto ipsec profile IPSEC_ZASTITA
set transform-set AES-SHA
exit

You might also like