GNS3 配置Dynamic Multipoint VPN

1、實驗拓撲

2、基礎網絡配置

R1配置：

ip dhcp excluded-address 16.1.1.1 16.1.1.5

ip dhcp excluded-address 13.1.1.1 13.1.1.2

ip dhcp pool net16

   network 16.1.1.0 255.255.255.0

   default-router 16.1.1.1 

ip dhcp pool net13

   network 13.1.1.0 255.255.255.0

   default-router 13.1.1.1 

interface FastEthernet0/0

 ip address 12.1.1.1 255.255.255.0

interface FastEthernet1/0

 ip address 13.1.1.1 255.255.255.0

interface FastEthernet2/0

 ip address 16.1.1.1 255.255.255.0

R2配置：

 ip address 12.1.1.2 255.255.255.0

 ip address 172.16.1.254 255.255.255.0

ip route 0.0.0.0 0.0.0.0 12.1.1.1

R3配置：

 ip address dhcp

 ip address 192.168.1.254 255.255.255.0

ip route 0.0.0.0 0.0.0.0 13.1.1.1

R4配置：

 ip address 172.16.1.1 255.255.255.0

ip route 0.0.0.0 0.0.0.0 172.16.1.254

R5配置：

 ip address 192.168.1.1 255.255.255.0

ip route 0.0.0.0 0.0.0.0 192.168.1.254

R6配置：

 ip address 10.1.1.254 255.255.255.0

ip route 0.0.0.0 0.0.0.0 16.1.1.1

R7配置：

 ip address 10.1.1.1 255.255.255.0

ip route 0.0.0.0 0.0.0.0 10.1.1.254

3、配置Dynamic Multipoint ×××

crypto isakmp policy 1

 encr 3des

 authentication pre-share

 group 2

crypto isakmp key cisco123 address 0.0.0.0 0.0.0.0

crypto ipsec transform-set ccie esp-3des esp-sha-hmac 

crypto ipsec profile cisco

 set transform-set ccie 

interface Tunnel2

 bandwidth 1000

 ip address 100.1.1.2 255.255.255.0

 ip mtu 1400

 ip nhrp authentication ccie123

 ip nhrp map multicast dynamic

 ip nhrp network-id 1

 no ip split-horizon eigrp 1

 tunnel source FastEthernet0/0

 tunnel mode gre multipoint

 tunnel key 10000

 tunnel protection ipsec profile cisco

R3配置:

interface Tunnel3

 ip address 100.1.1.3 255.255.255.0

 no ip redirects

 ip nhrp map 100.1.1.2 12.1.1.2

 ip nhrp map multicast 12.1.1.2

 ip nhrp nhs 100.1.1.2

interface Tunnel6

 ip address 100.1.1.6 255.255.255.0

4、配置動态路由協定

router eigrp 1

 network 100.1.1.0 0.0.0.255

 network 172.16.1.0 0.0.0.255

 no auto-summary

 network 192.168.1.0

 network 10.1.1.0 0.0.0.255

5、spoke-to-spoke tunnel優化路由

R2配置

 no ip next-hop-self eigrp 1

6、OSPF路由協定測試

R2(config)#no router eigrp 1

R2(config)#router ospf 1

R2(config-router)#network 100.1.1.0 0.0.0.255 area 0

R2(config-router)#network 172.16.1.0 0.0.0.255 area 0

R3(config)#no router eigrp 1

R3(config)#router ospf 1

R3(config-router)#network 192.168.1.0 0.0.0.255 area 0

R3(config-router)#network 100.1.1.0 0.0.0.255 area 0

R6(config)#no router eigrp 1

R6(config)#router ospf 1

R6(config-router)#network 10.1.1.0 0.0.0.255 area 0

R6(config-router)#network 100.1.1.0 0.0.0.255 area 0

此時出現如下情況

*Mar  1 01:03:13.531: %OSPF-5-ADJCHG: Process 1, Nbr 100.1.1.6 on Tunnel2 from LOADING to FULL, Loading Done

R2#

*Mar  1 01:03:23.143: %OSPF-5-ADJCHG: Process 1, Nbr 100.1.1.6 on Tunnel2 from FULL to DOWN, Neighbor Down: Adjacency forced to reset

*Mar  1 01:03:23.155: %OSPF-5-ADJCHG: Process 1, Nbr 192.168.1.254 on Tunnel2 from EXSTART to DOWN, Neighbor Down: Adjacency forced to reset

*Mar  1 01:03:23.263: %OSPF-4-NONEIGHBOR: Received database description from unknown neighbor 192.168.1.254

*Mar  1 01:03:23.427: %OSPF-5-ADJCHG: Process 1, Nbr 100.1.1.6 on Tunnel2 from LOADING to FULL, Loading Done

修改隧道的借口類型

R2(config)#int tunnel 2

R2(config-if)#ip ospf network point-to-multipoint 

R3(config)#int tunnel 3

R3(config-if)#ip ospf network point-to-multipoint

R6(config)#int tunnel 6