DMVPN Phase 3 with IKEv2
Good and well known DMVPN :) since 2000
spoke:
crypto pki certificate map CERT-MAP-DMVPN-IKEv2 10
subject-name co ou = dmvpn
!
crypto ikev2 proposal IKEv2-PROPOSAL
encryption aes-cbc-256 aes-cbc-192 3des
integrity sha512 sha256 md5
group 14 5 2
!
crypto ikev2 policy IKEv2-POLICY
match fvrf any
proposal IKEv2-PROPOSAL
!
crypto ikev2 profile DMVPN-ISAKMP-IKEv2
match fvrf any
match certificate CERT-MAP-DMVPN-IKEv2
authentication local rsa-sig
authentication remote rsa-sig
pki trustpoint IOS-CA
!
crypto ipsec transform-set DMVPN-TSET-IKEv2 esp-aes 192 esp-sha256-hmac
mode transport
!
crypto ipsec profile DMVPN-PROF-IKEv2
set transform-set DMVPN-TSET-IKEv2
set ikev2-profile DMVPN-ISAKMP-IKEv2
!
interface Tunnel100
ip address 100.100.100.2 255.255.255.0
ip mtu 1400
ip nhrp authentication PaSsWoRd
ip nhrp map 100.100.100.5 192.168.100.5
ip nhrp map multicast 192.168.100.5
ip nhrp network-id 100
ip nhrp nhs 100.100.100.5
ip nhrp shortcut
ip tcp adjust-mss 1360
tunnel source GigabitEthernet0/0
tunnel mode gre multipoint
tunnel key 123456
tunnel protection ipsec profile DMVPN-PROF-IKEv2 shared
Subscribe to:
Posts (Atom)