Hoot and Holler over V3PN Configuration Example
Configure
6
OL-6573-01
! CLASSIFY DIFFERENT QOS TRAFFIC, SETTING IP PRECEDENCE AND DSCP
!
class-map match-all data
match ip precedence 2
class-map match-all control-traffic
match ip dscp af31
class-map match-all video
match ip precedence 4
class-map match-all voice
match ip dscp ef
!
!
! ALLOCATE AVAILABLE BANDWIDTH FOR EACH QOS CLASSIFICATION, DEPENDING ON EXPECTED NEED
! FOR EXAMPLE, DSCP VALUE EF (CLASS VOICE) WILL BE GIVEN 35% OF THE BANDWIDTH
!
policy-map LLQ
class control-traffic
bandwidth percent 5
class voice
priority percent 35
class video
bandwidth percent 15
class data
bandwidth percent 20
class class-default
fair-queue
!
!
! SET THE IKE POLICY TO USE 3DES
!
crypto isakmp policy 10
encr 3des
authentication pre-share
group 2
!
!SPECIFY THAT ISAKMP CLIENTS (SPOKE ROUTERS) WILL NOT NEED TO USE XAUTH (USERNAME AND
PASSWORD) WHEN CONNECTING
!
crypto isakmp key cisco address 10.32.150.46 no-xauth
crypto isakmp key cisco address 10.32.153.34 no-xauth
!
!
crypto ipsec transform-set TRANSFORM_1 esp-3des esp-sha-hmac
!
! DEFINE THE REMOTE SPOKES, THEIR IP ADDRESSES AND ANY POLICIES THAT NEED TO BE
IMPLEMENTED
crypto map INT_CM 1 ipsec-isakmp
description === Peer device = Branch-2 ===
set peer 10.32.150.46
set security-association lifetime kilobytes 530000000
set security-association lifetime seconds 14400
set transform-set TRANSFORM_1
match address IPSEC_ACL_1
crypto map INT_CM 2 ipsec-isakmp
description === Peer device = Branch-1 ===
set peer 10.32.153.34
set security-association lifetime kilobytes 530000000
set security-association lifetime seconds 14400
set transform-set TRANSFORM_1
match address IPSEC_ACL_2
!
!
!
To Next Page
Loading...
