DM VPN

패킷에 대한 암호화 및 인증을 실시하여 데이터에 대한 기밀성을 보장하고 지사 2곳과 근거리에서 통신하는 효과를 얻을 수 있다.

셋팅

HQ_SE_Core_R1

crypto isakmp policy 10

 authentication pre-share

crypto isakmp key 6 tae address 0.0.0.0 0.0.0.0

crypto ipsec transform-set eung esp-3des esp-md5-hmac   

crypto ipsec profile vpn-1

 set transform-set eung

!

interface Tunnel0

 ip address 192.168.81.1 255.255.255.0

 no ip redirects

 ip nhrp authentication kong

 ip nhrp map multicast dynamic

 ip nhrp network-id 2811

 ip nhrp holdtime 360

 ip nhrp cache non-authoritative

 tunnel source 200.1.1.2

 tunnel mode gre multipoint

 tunnel key 2811

 tunnel protection ipsec profile vpn-1

NHRP 테이블

HQ_SE_Core_R1#show ip nhrp      

192.168.81.2/32 via 192.168.81.2, Tunnel0 created 00:05:47, expire 00:04:12

  Type: dynamic, Flags: unique registered

  NBMA address: 200.1.3.2

192.168.81.3/32 via 192.168.81.3, Tunnel0 created 00:03:23, expire 00:06:36

  Type: dynamic, Flags: unique registered

  NBMA address: 200.1.4.2