ESR series service routers.ESR-Series. User manual
2.
esr(config)# security ipsec vpn IPSECVPN
esr(config-ipsec-vpn)# mode ike
esr(config-ipsec-vpn)# ike establish-tunnel route
esr(config-ipsec-vpn)# ike gateway IKEGW
esr(config-ipsec-vpn)# ike ipsec-policy IPSECPOLICY
esr(config-ipsec-vpn)# enable
Map IPsec to the GRE tunnel so that clients can establish an encrypted connection:
esr(config-gre)# ip nhrp ipsec IPSECVPN dynamic
Enable NHRP and the tunnel:
esr(config-gre)# ip nhrp enable
esr(config-gre)# enable
Spoke configuration
Perform the standard DMVPN configuration on the tunnel:
esr# configure
esr(config-gre)# tunnel gre 8
esr(config-gre)# mtu 1416
esr(config-gre)# ttl 16
esr(config-gre)# multipoint
esr(config-gre)# local address 180.100.0.10
esr(config-gre)# ip address 10.10.0.8/24
Specify the time while the client record will be stored on the server:
esr(config-gre)# ip nhrp holding-time 300
Specify the tunnel address of NHS:
esr(config-gre)# ip nhrp nhs 10.10.0.5/24
Specify the tunnel address – real:
esr(config-gre)# ip nhrp map 10.10.0.5 150.115.0.5
Configure the multicast to the NHRP server:
esr(config)# ip nhrp multicast nhs
Configure the BGP for spoke:
esr(config)# router bgp 65008
esr(config-bgp)# address-family ipv4
esr(config-bgp-af)# neighbor 10.10.0.5
esr(config-bgp-neighbor)# remote-as 65005
esr(config-bgp-neighbor)# enable
esr(config-bgp-neighbor)# exit
esr(config-bgp-af)# enable
To Next Page
Loading...