DM***基本配置

R1爲Center,R2R3爲Branch

Center#sh run
Building configuration...
! 第一階段策略
crypto isakmp policy 10
   authentication pre-share
crypto isakmp key CISCO address 0.0.0.0 0.0.0.0
!
! 第二階段策略
crypto ipsec transform-set SET esp-3des esp-md5-hmac
   mode transport
!應用profile
crypto ipsec profile cisco
   set transform-set SET
!
interface Loopback0
   ip address 10.1.1.1 255.255.255.0
!
interface Tunnel0
   ip address 172.16.1.1 255.255.255.0
   no ip redirects
   ip mtu 1440 //分片
   no ip next-hop-self eigrp 90 //NBMA 網絡解決動態下一跳
   ip nhrp map multicast dynamic //nhrp 動態路由映射
   ip nhrp network-id 10 //nhrp AS 號
   no ip split-horizon eigrp 90 //關閉eigrp 水平分割
   tunnel source Serial1/0
   tunnel mode gre multipoint //隧道模式多點gre
   tunnel key 12345 //必須定義key
   tunnel protection ipsec profile cisco //應用profile

!
interface Serial1/0
   ip address 200.1.1.1 255.255.255.0
   encapsulation frame-relay
   serial restart-delay 0
   frame-relay map ip 200.1.1.3 103 broadcast
   frame-relay map ip 200.1.1.2 102 broadcast
!
router eigrp 90
   network 10.1.1.0 0.0.0.255
   network 172.16.1.0 0.0.0.255

Branch1#
crypto isakmp policy 10
   authentication pre-share
crypto isakmp key CISCO address 0.0.0.0 0.0.0.0
!
crypto ipsec transform-set SET esp-3des esp-md5-hmac
   mode transport
!
crypto ipsec profile cisco
   set transform-set SET
!
interface Loopback0
   ip address 10.1.2.1 255.255.255.0
!
interface Tunnel0
   ip address 172.16.1.2 255.255.255.0
   no ip redirects
   ip mtu 1440
   ip nhrp map multicast 200.1.1.1
   ip nhrp map 172.16.1.1 200.1.1.1 //靜態nhrp map
   ip nhrp network-id 10
   ip nhrp nhs 172.16.1.1 //nhrp 服務器tunnel 口地址
   tunnel source Serial1/0
   tunnel mode gre multipoint
   tunnel key 12345
   tunnel protection ipsec profile cisco
!
interface Serial1/0

   ip address 200.1.1.2 255.255.255.0
   encapsulation frame-relay
   serial restart-delay 0
   frame-relay map ip 200.1.1.2 201 broadcast
   frame-relay map ip 200.1.1.3 201 broadcast
   frame-relay map ip 200.1.1.1 201 broadcast
!
router eigrp 90
   network 10.1.2.0 0.0.0.255
   network 172.16.1.0 0.0.0.255

Branch2#
crypto isakmp policy 10
   authentication pre-share
crypto isakmp key CISCO address 0.0.0.0 0.0.0.0
!
crypto ipsec transform-set SET esp-3des esp-md5-hmac
   mode transport
!
crypto ipsec profile cisco
   set transform-set SET
!
interface Loopback0
   ip address 10.1.3.1 255.255.255.0
!
interface Tunnel0
   ip address 172.16.1.3 255.255.255.0
   no ip redirects
   ip mtu 1440
   ip nhrp map multicast 200.1.1.1
   ip nhrp map 172.16.1.1 200.1.1.1
   ip nhrp network-id 10
   ip nhrp nhs 172.16.1.1
   tunnel source Serial1/0
   tunnel mode gre multipoint
   tunnel key 12345
   tunnel protection ipsec profile cisco
!
interface Serial1/0
   ip address 200.1.1.3 255.255.255.0
   encapsulation frame-relay
   serial restart-delay 0

   frame-relay map ip 200.1.1.3 301 broadcast
   frame-relay map ip 200.1.1.2 301 broadcast
   frame-relay map ip 200.1.1.1 301 broadcast
!
router eigrp 90
   network 10.1.3.0 0.0.0.255
   network 172.16.1.0 0.0.0.255

R4#
interface Serial1/0
   no ip address
   encapsulation frame-relay
   serial restart-delay 0
   frame-relay lmi-type cisco
   frame-relay intf-type dce
   frame-relay route 102 interface Serial1/1 201
   frame-relay route 103 interface Serial1/2 301
!
interface Serial1/1
   no ip address
   encapsulation frame-relay
   serial restart-delay 0
   frame-relay lmi-type cisco
   frame-relay intf-type dce
   frame-relay route 201 interface Serial1/0 102
!
interface Serial1/2
   no ip address
   encapsulation frame-relay
   serial restart-delay 0
   frame-relay lmi-type cisco
   frame-relay intf-type dce
frame-relay route 301 interface Serial1/0 103