Lab ID: 10.217A239.TSP.

Troubleshooting DMVPN I
Objective
Troubleshoot Dynamic Multipoint Virtual Private Network (DMVPN), IP Security (IPSec), and tunnel
problems in the network.

Lab Topology
The topology diagram below represents the NetMap in the Simulator. You will only be performing tasks on
Hub, Spoke1, Spoke2, and Spoke3 in this lab.

Spoke1
S0/0

S0/0 S0/0

IISP-2
ISP
SP
P-2
2
Hub Spoke2
IISP-1
IS
SP-1
1

S0/0
Hub-to-Spoke Tunnel
Spoke-to-Spoke Tunnel

Spoke3

Command Summary
Command Description
configure terminal enters global configuration mode from privileged EXEC mode
crypto isakmp key keystring {address configures a preshared authentication key; you must
peer-address [mask]} configure this key whenever you specify preshared keys in
an IKE policy
enable enters privileged EXEC mode
end ends and exits configuration mode
exit exits one level in the menu structure
interface type number changes from global configuration mode to interface
configuration mode
[no] ip next-hop-self eigrp as-number enables EIGRP to advertise routes with the local outbound
interface address as the next hop; the no form enables
EIGRP to use the received next hop instead of the local
outbound interface address (itself)
[no] ip nhrp nhs nhs-address specifies the address of one or more NHRP next-hop server
(NHS) servers; the no form removes the address

1 Boson NetSim Lab Manual

 Command Description
ping ip-address sends an Internet Control Message Protocol (ICMP) echo
request to the specified address
show crypto ipsec sa shows the settings used by current security associations
(SAs)
show crypto isakmp sa shows all current Internet Key Exchange (IKE) SAs
show crypto isakmp key lists the keystrings and their preshared keys
show dmvpn displays DMVPN-specific session information
show ip eigrp topology network mask displays EIGRP topology table
show ip interface brief displays a brief summary of interface status and configuration
show ip nhrp [detail] displays NHRP mapping information
show ip route displays the IP routing table
show running-config displays the active configuration file
show running-config interface type displays the specified interface’s active configuration file
number
shutdown; no shutdown disables an interface; enables an interface
traceroute ip-address displays the network path to a given destination; is used on
Cisco devices

Network Documentation to Be Used in This Lab

The IP addresses and subnet masks used in this lab are shown in the table below:

IP Addresses
Device Interface IP Address Subnet Mask
Hub Tunnel 0 10.0.0.1 255.255.255.0
Loopback 0 10.1.0.1 255.255.255.128
Loopback 1 10.1.0.129 255.255.255.128
Serial 0/0 69.45.128.28 255.255.255.0
Spoke1 Tunnel 0 10.0.0.2 255.255.255.0
Loopback 0 10.2.0.1 255.255.255.128
Loopback 1 10.2.0.129 255.255.255.128
Serial 0/0 26.32.18.57 255.255.255.128
Spoke2 Tunnel 0 10.0.0.3 255.255.255.0
Loopback 0 10.3.0.1 255.255.255.128
Loopback 1 10.3.0.129 255.255.255.128
Serial 0/0 145.53.18.18 255.255.255.0
Spoke3 Tunnel 0 10.0.0.4 255.255.255.0
Loopback 0 10.4.0.1 255.255.255.128
Loopback 1 10.4.0.129 255.255.255.128
Serial 0/0 48.57.36.18 255.255.255.128
ISP1 Serial 0/2 48.57.36.5 255.255.255.128
ISP2 Serial 0/1 145.53.18.7 255.255.255.0

2 Boson NetSim Lab Manual

 Cryptography Configuration Parameters
Parameter Value
Preshared key dmvpnkey
ISAKMP policy 5
Hash MD5
Network ID 1

Lab Tasks
Complex network troubleshooting requires a structured approach. Network documentation that includes
thorough troubleshooting procedures can decrease the amount of time required to resolve network
problems. Troubleshooting procedures should contain a process to diagnose problems and the steps
necessary to verify that a proposed solution resolved the problem. In this lab, we will refer to this as a
troubleshooting and verification plan.

Ticket 1: Troubleshoot the Hub-to-Spoke Tunnel

The network you manage uses DMVPN with IPSec to provide a secure and dynamic virtual private network
(VPN) between the main office and all three branches. After a router is replaced at one branch (Spoke3),
the office no longer has connectivity with any other office in your network. You should troubleshoot
and repair the configuration on Spoke3. You have completed this task successfully when Spoke3 has
connectivity with the main office (Hub) and both branches (Spoke1 and Spoke2) and when Hub reports
a dynamic tunnel with Spoke3. You should use the IP addresses 10.1.0.1 (Hub), 10.2.0.1 (Spoke1),
and 10.3.0.1 (Spoke2) for troubleshooting each office and the IP address 48.57.36.5 for troubleshooting
Spoke3’s Internet service provider (ISP).

Ticket 2: Troubleshoot the Spoke-to-Spoke Tunnel

Users at the Spoke1 office are complaining about poor connectivity with a server on Spoke2. A network
associate reports that a traceroute from Spoke1 destined for Spoke2 travels through Hub. When a full-
mesh DMVPN is properly configured, spoke-to-spoke traffic should not traverse the hub router. You should
troubleshoot and repair the configuration on your network. You have completed this task successfully when
a traceroute from Spoke1 to Spoke2 (10.3.0.1) does not pass through Hub.

You can do so by clicking the Grade Lab icon ( ) in the toolbar or by pressing Ctrl+G.

3 Boson NetSim Lab Manual

 Lab Solutions
Ticket 1: Troubleshoot the Hub-to-Spoke Tunnel
The network you manage uses DMVPN with IPSec to provide a secure and dynamic VPN between the
main office and all three branches. After a router is replaced at one branch (Spoke3), the office no longer
has connectivity with any other office in your network. You should troubleshoot and repair the configuration
on Spoke3. You have completed this task successfully when Spoke3 has connectivity with the main office
(Hub) and both branches (Spoke1 and Spoke2) and when Hub reports a dynamic tunnel with Spoke3. You
should use the IP addresses 10.1.0.1 (Hub), 10.2.0.1 (Spoke1), and 10.3.0.1 (Spoke2) for troubleshooting
each office and the IP address 48.57.36.5 for troubleshooting Spoke3’s ISP.

You should create a troubleshooting and verification plan before attempting to correct the problem. There
are several possible solutions to this task; this lab documents only one.
1. You should first attempt to verify that the documented problem exists by issuing a ping from Spoke3
to Hub (10.1.0.1), Spoke1 (10.2.0.1), and Spoke2 (10.3.0.1).

Spoke3#ping 10.1.0.1
Spoke3#ping 10.2.0.1
Spoke3#ping 10.3.0.1

All three pings fail. The results you observe verify a problem exists and Spoke3 has no connectivity
with other offices in the DMVPN.

2. On Spoke3, you should issue the following command to verify the line and protocol state of the
interface connected to the ISP. Interfaces that are in a down state would prevent Spoke3 from
having any connectivity with devices outside of its local network; as shown in the output below,
Spoke3’s Serial 0/0 interface is up/up:

Spoke3#show ip interface brief

Interface IP-Address OK? Method Status Protocol
Serial0/0 48.57.36.18 YES unset up up
Serial0/1 unassigned YES unset administratively down down
Serial0/2 unassigned YES unset administratively down down
Serial0/3 unassigned YES unset administratively down down
Loopback0 10.4.0.1 YES unset up up
Loopback1 10.4.0.129 YES unset up up
Tunnel0 10.0.0.4 YES unset up up

3. On Spoke3, you should issue the following command to verify IP connectivity with Spoke3’s ISP. A
lack of connectivity between Spoke3 and its ISP could indicate a problem with the ISP, which would
need to be resolved before Spoke3 could reach Hub.

Spoke3#ping 48.57.36.5

The ping is successful; therefore, you can determine that Spoke3 has no connectivity issues with its
ISP.

4 Boson NetSim Lab Manual

 4. On Spoke3, you should issue the following command to verify IP connectivity with the tunnel
destination address. DMVPN spokes require connectivity with the tunnel destination before a
dynamic tunnel will form.

Spoke3#ping 69.45.128.28

The ping is successful; therefore, you can determine that Spoke3 has connectivity with the tunnel
destination (Hub) over the WAN.

5. On Spoke3, you should issue the following command to display active DMVPN sessions:

Spoke3#show dmvpn
Legend: Attrb --> S - Static, D - Dynamic, I – Incomplete
N - NATed, L - Local, X - No Socket
# Ent --> Number of NHRP entries with same NBMA peer
NHS Status: E --> Expecting Replies, R --> Responding, W --> Waiting
UpDn Time --> Up or Down Time for a Tunnel
==========================================================================

Interface: Tunnel0, IPv4 NHRP Details

Type: Spoke, NHRP Peers: 1

# Ent Peer NBMA Addr Peer Tunnel Add State UpDn Tm Attrb
----- --------------- --------------- ----- -------- -----
1 69.45.128.28 10.0.0.1 NHRP never S

Based on the NHRP shown in the State field of output, you can determine that a tunnel connection
with Hub has not formed as a result of an NHRP issue. The State field in the output will indicate UP
if the DMVPN session is functioning properly. Otherwise, it will indicate the reason for a down state
by displaying an error reason. Possible causes of a down state are NHRP, IPSec, and IKE.

6. On Spoke3, you should issue the following command to display the NHRP tunnel configuration:

Spoke3#show running-config interface tunnel 0

Building configuration...
Current configuration : 283 bytes
!
interface Tunnel0
ip address 10.0.0.4 255.255.255.0
ip nhrp map multicast 69.45.128.28
ip nhrp map 10.0.0.1 69.45.128.28
ip nhrp network-id 1
ip nhrp nhs 69.45.128.28
tunnel source Serial0/0
tunnel mode gre multipoint
tunnel protection ipsec profile dmvpnprofile
end

Based on the output, you can determine that Spoke3 has been incorrectly configured with the NBMA
address of Hub (69.45.128.28) for the NHRP NHS instead of the peer tunnel address (10.0.0.1).

5 Boson NetSim Lab Manual

 7. You should issue the following commands on Spoke3 to correct the configuration:

Spoke3(config)#interface tunnel 0
Spoke3(config-if)#no ip nhrp nhs 69.45.128.28
Spoke3(config-if)#ip nhrp nhs 10.0.0.1

8. On Spoke3, you should issue a ping to Hub (10.1.0.1), Spoke1 (10.2.0.1), and Spoke2 (10.3.0.1) to
determine whether Spoke3 now has DMVPN connectivity with all offices.

Spoke3#ping 10.1.0.1
Spoke3#ping 10.2.0.1
Spoke3#ping 10.3.0.1

All three pings fail. The results indicate that you have not yet restored connectivity between Spoke3
and the other offices in your network.

9. After the previous configuration error is fixed on Spoke3, the dynamic tunnel with Hub is not yet
functional. You should issue the following command to display active DMVPN sessions:

Spoke3#show dmvpn
<output omitted>

Interface: Tunnel0, IPv4 NHRP Details

Type: Spoke, NHRP Peers: 1

# Ent Peer NBMA Addr Peer Tunnel Add State UpDn Tm Attrb
----- --------------- --------------- ----- -------- -----
1 69.45.128.28 10.0.0.1 IKE never S

Based out the output, you can determine that an IPSec or Internet Security Association Key
Management Protocol (ISAKMP) problem exists with the link between Hub and Spoke3.

10. On Spoke3, you should issue the following command to display IPSec and ISAKMP policies on the
peer to verify that the configuration matches what is documented. If IPSec or ISAKMP policies are
not configured correctly, no dynamic tunnel would form between Hub and Spoke3.

Spoke3#show running-config | section crypto

crypto isakmp policy 5
authentication pre-share
hash md5
crypto ipsec transform-set dmvpnset esp-3des
crypto ipsec profile dmvpnprofile
set transform-set dmvpnset

Based on the output, you can determine that Spoke3 is not configured with an ISAKMP security key.

11. On Spoke3, you should issue the following command to correct the configuration:

Spoke3(config)#crypto isakmp key dmvpnkey address 0.0.0.0

6 Boson NetSim Lab Manual

 12. On Spoke3, you should verify your configuration by issuing the following command:

Spoke3#show crypto isakmp key

Hostname/Address Preshared Key
0.0.0.0 dmvpnkey

13. On Spoke3, you should issue the following commands to bounce the Tunnel 0 interface:

Spoke3(config)#interface tunnel 0
Spoke3(config-if)#shutdown
Spoke3(config-if)#no shutdown

Bouncing the interface is likely necessary to troubleshoot an NHRP client. When a new NHRP NHS
is configured, registration request packets are immediately sent to the server from the client and
will continue to be sent for as long as the NHS does not reply. The retransmission interval doubles
every attempt; therefore, depending on how long IPSec and ISAKMP were misconfigured while you
were troubleshooting this problem, you may be waiting for a few minutes before you see a correctly
configured DMVPN session come UP. Cycling the enabled state of the tunnel interface will reset the
NHRP process running for this interface, including the NHRP request timer for each NHRP NHS
configured. Making changes to IPSec and ISAKMP does not reset the NHRP process.

14. On Spoke3, you could additionally issue the following commands to verify IPSec and ISAKMP
SAs with Hub. If no SAs are displayed, a problem might still exist with either IPSec or ISAKMP
configuration.

Spoke3#show crypto ipsec sa

interface: Tunnel0
Crypto map tag: Tunnel0-head-0, local addr. 10.0.0.4

local ident (addr/mask/prot/port): (48.57.36.18/255.255.255.0/0/0)

remote ident (addr/mask/prot/port): (69.45.128.28/255.255.255.0/0/0)
current_peer: 69.45.128.28 port 500
PERMIT, flags={origin_is_acl}
#pkts encaps: 16, #pkts encrypt: 16, #pkts digest: 0
#pkts decaps: 16, #pkts decrypt: 16, #pkts verify: 0
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0

local crypto endpt.: 10.0.0.4, remote crypto endpt.:

path mtu 1500, media mtu 1500
current outbound spi:

Spoke3#show crypto isakmp sa

IPv4 Crypto ISAKMP SA
dst src state conn-id status
69.45.128.28 48.57.36.18 QM_IDLE 1000 ACTIVE
48.57.36.18 69.45.128.28 QM_IDLE 1001 ACTIVE

Based on the output, you can determine that a secure IPSec and ISAKMP session exists with Hub
(69.45.128.28).

7 Boson NetSim Lab Manual

 15. On Spoke3, you should issue the following command to verify that a tunnel has formed with Hub:

Spoke3#show dmvpn
<output omitted>

Interface: Tunnel0, IPv4 NHRP Details

Type: Spoke, NHRP Peers: 1

# Ent Peer NBMA Addr Peer Tunnel Add State UpDn Tm Attrb
----- --------------- --------------- ----- -------- -----
1 69.45.128.28 10.0.0.1 UP 00:00:37 S

The peer and state displayed indicate that Spoke3 has formed a dynamic tunnel with Hub.

16. On Spoke3, you should issue a ping to Hub (10.1.0.1), Spoke1 (10.2.0.1), and Spoke2 (10.3.0.1) to
verify that Spoke3 has IP connectivity with all offices.

Spoke3#ping 10.1.0.1
Spoke3#ping 10.2.0.1
Spoke3#ping 10.3.0.1

All three pings should succeed. You have completed this ticket successfully.

Ticket 2: Troubleshoot the Spoke-to-Spoke Tunnel

Users at the Spoke1 office are complaining about poor connectivity with a server on Spoke2. A network
associate reports that a traceroute from Spoke1 destined for Spoke2 travels through Hub. When a full-
mesh DMVPN is properly configured, spoke-to-spoke traffic should not traverse the hub router. You should
troubleshoot and repair the configuration on your network. You have completed this task successfully when
a traceroute from Spoke1 to Spoke2 (10.3.0.1) does not pass through Hub.

You should create a troubleshooting and verification plan before attempting to correct the problem. There
are several possible solutions to this task; this lab documents only one.
1. The first thing you should do is attempt to verify that the reported problem exists. On Spoke1, you
should issue the following command to observe the path traffic takes from Spoke1 to Spoke2:

Spoke1#traceroute 10.3.0.1

“Type escape sequence to abort.”

Tracing the route to 10.3.0.1

1 10.0.0.1 0 msec 16 msec 0 msec

2 10.0.0.3 20 msec 16 msec *

Based on the output displayed, you can determine that traffic unnecessarily traverses Hub
(10.0.0.1).

8 Boson NetSim Lab Manual

 2. On Spoke1, you should issue the following command to display the routing table. Traffic to the
10.3.0.0/25 network should use Spoke2 as the next hop:

Spoke1#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B – BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
E1 - OSPF external type 1, E2 - OSPF external type 2, E – EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
U - per-user static route

Gateway of last resort is 26.32.18.54 to network 0.0.0.0

S* 0.0.0.0/0 [1/0] via 26.32.18.54

10.0.0.0/8 is variably subnetted, 9 subnets
C 10.0.0.0/24 is directly connected, Tunnel0
D 10.1.0.0/25 [90/297372416] via 10.0.0.1, 00:03:15, Tunnel0
D 10.1.0.128/25 [90/297372416] via 10.0.0.1, 00:03:15, Tunnel0
C 10.2.0.0/25 is directly connected, Loopback0
C 10.2.0.128/25 is directly connected, Loopback1
D 10.3.0.0/25 [90/310172416] via 10.0.0.1, 00:03:15, Tunnel0
D 10.3.0.128/25 [90/310172416] via 10.0.0.1, 00:03:15, Tunnel0
D 10.4.0.0/25 [90/310172416] via 10.0.0.1, 00:01:20, Tunnel0
D 10.4.0.128/25 [90/310172416] via 10.0.0.1, 00:01:20, Tunnel0
26.0.0.0/25 is subnetted, 1 subnets
C 26.32.18.0 is directly connected, Serial0/0

Based on the output displayed, you can determine that the next hop address for the 10.3.0.0/25
network is Hub (10.0.0.1).

3. On Spoke1, you should issue the following command to display the EIGRP topology table for
the 10.3.0.0/25 route. If the next-hop address advertised by Hub is incorrect, then the DMVPN
configuration might not be configured correctly on Hub.

Spoke1#show ip eigrp topology 10.3.0.0 255.255.255.128

IPv4-EIGRP Topology Table for process 100

Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,

r - Reply status

State is Passive, Query origin flag is 1, 1 Successor(s), FD is 310172416

10.0.0.1 (Tunnel0), from 10.0.0.1, Send flag is 0x0
Composite metric is (310172416/297372416), Route is Internal
Vector metric:
Minimum bandwidth is 9 Kbit
Total delay is 1005000 microseconds
Reliability is 255/255
Load is 1/255
Minimum MTU is 1514
Hop count is 2

Based on the output displayed, you can determine that Hub is advertising itself (10.0.0.1) to Spoke1
for the 10.3.0.0/25 network.

9 Boson NetSim Lab Manual

 4. On Hub, you should issue the following command to display the EIGRP configuration for interface
Tunnel 0:

Hub#show running-config interface tunnel 0

Building configuration...
Current configuration : 266 bytes
!
interface Tunnel0
ip address 10.0.0.1 255.255.255.0
no ip split-horizon eigrp 100
ip nhrp map multicast dynamic
ip nhrp network-id 1
ip nhrp redirect
tunnel source Serial0/0
tunnel mode gre multipoint
tunnel protection ipsec profile dmvpnprofile
end

Based on the output, you can determine that Hub is configured to use its own Tunnel 0 interface as
the next-hop value for EIGRP AS 100. By default, an EIGRP interface is configured to use itself as
the next-hop value even when EIGRP is advertising outbound routes through the same interface on
which the routes were received.

5. You should issue the following commands on Hub to correct the configuration:

Hub(config)#interface tunnel 0
Hub(config-if)#no ip next-hop-self eigrp 100

6. After the network has time to converge, you should issue the following command on Spoke1 to
display the EIGRP topology table for the 10.3.0.0/24 route:

Spoke1#show ip eigrp topology 10.3.0.0 255.255.255.128

IPv4-EIGRP Topology Table for process 100

Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,

r - Reply status

State is Passive, Query origin flag is 1, 1 Successor(s), FD is 310172416

10.0.0.3 (Tunnel0), from 10.0.0.1, Send flag is 0x0
Composite metric is (310172416/297372416), Route is Internal
Vector metric:
Minimum bandwidth is 9 Kbit
Total delay is 1005000 microseconds
Reliability is 255/255
Load is 1/255
Minimum MTU is 1514
Hop count is 2

Based on the output displayed, Hub is now advertising the next-hop address received (10.0.0.3)
rather than itself.

10 Boson NetSim Lab Manual

 7. On Spoke1, you should issue the following command to display the routing table:

Spoke1#show ip route
<output omitted>

Gateway of last resort is 69.45.128.7 to network 0.0.0.0

S* 0.0.0.0/0 [1/0] via 69.45.128.7

10.0.0.0/8 is variably subnetted, 9 subnets
C 10.0.0.0/24 is directly connected, Tunnel0
C 10.1.0.0/25 is directly connected, Loopback0
C 10.1.0.128/25 is directly connected, Loopback1
D 10.2.0.0/25 [90/297372416] via 10.0.0.2, 00:04:15, Tunnel0
D 10.2.0.128/25 [90/297372416] via 10.0.0.2, 00:04:15, Tunnel0
D 10.3.0.0/25 [90/297372416] via 10.0.0.3, 00:04:15, Tunnel0
D 10.3.0.128/25 [90/297372416] via 10.0.0.3, 00:04:15, Tunnel0
D 10.4.0.0/25 [90/297372416] via 10.0.0.4, 00:04:15, Tunnel0
D 10.4.0.128/25 [90/297372416] via 10.0.0.4, 00:04:15, Tunnel0
26.0.0.0/25 is subnetted, 1 subnets
C 26.32.18.0 is directly connected, Serial0/0

Based on the output, the changes have fully converged on Spoke1 because 10.0.0.3 is now
displayed as the next-hop address for the 10.3.0.0/25 network instead of 10.0.0.1.

8. On Spoke1, you should issue the following command to verify connectivity and a dynamic tunnel
with Spoke2:

Spoke1#ping 10.3.0.1

9. On Spoke1, you should issue the following command to verify the problem is fixed:

Spoke1#traceroute 10.3.0.1

“Type escape sequence to abort.”

Tracing the route to 10.3.0.1

1 10.0.0.3 20 msec 16 msec *

Based on the results of the traceroute, traffic from Spoke1 to Spoke2 (10.3.0.1) is no longer
traversing Hub. You have completed this ticket successfully.

11 Boson NetSim Lab Manual

 Sample Configuration Scripts
Hub Hub (continued)
Hub#show running-config interface Loopback1
Building configuration... ip address 10.1.0.129 255.255.255.128
Current configuration : 1539 bytes no ip directed broadcast
! !
Version 15.b interface Serial0/0
service timestamps debug uptime description Link to ISP-1
service timestamps log uptime ip address 69.45.128.28 255.255.255.0
no service password-encryption no ip directed-broadcast
! !
hostname Hub interface Serial0/1
! no ip address
ip subnet-zero no ip directed-broadcast
! shutdown
ip cef !
no ip domain-lookup interface Serial0/2
! no ip address
crypto isakmp policy 5 no ip directed-broadcast
authentication pre-share shutdown
hash md5 !
! interface Serial0/3
crypto isakmp key dmvpnkey address 0.0.0.0 no ip address
! no ip directed-broadcast
crypto ipsec transform-set dmvpnset esp-3des shutdown
! !
crypto ipsec profile dmvpnprofile router eigrp 100
set transform-set dmvpnset network 10.0.0.0 0.0.0.255
! network 10.1.0.0 0.0.0.255
interface Tunnel0 !
ip address 10.0.0.1 255.255.255.0 ip classless
no ip next-hop-self eigrp 100 no ip http server
no ip split-horizon eigrp 100 !
ip nhrp map multicast dynamic ip route 0.0.0.0 0.0.0.0 69.45.128.7
ip nhrp network-id 1 !
ip nhrp redirect line con 0
tunnel source Serial0/0 line aux 0
tunnel mode gre multipoint line vty 0 4
tunnel protection ipsec profile dmvpnprofile login
! !
interface Loopback0 no scheduler allocate
ip address 10.1.0.1 255.255.255.128 end
no ip directed broadcast
!

12 Boson NetSim Lab Manual

 Spoke1 Spoke1 (continued)
Spoke1#show running-config interface Loopback1
Building configuration... ip address 10.2.0.129 255.255.255.128
Current configuration : 1524 bytes no ip directed broadcast
! !
Version 15.b interface Serial0/0
service timestamps debug uptime description Link to ISP-1
service timestamps log uptime ip address 26.32.18.57 255.255.255.128
no service password-encryption no ip directed-broadcast
! !
hostname Spoke1 interface Serial0/1
! no ip address
ip subnet-zero no ip directed-broadcast
! shutdown
ip cef !
no ip domain-lookup interface Serial0/2
! no ip address
crypto isakmp policy 5 no ip directed-broadcast
authentication pre-share shutdown
hash md5 !
! interface Serial0/3
crypto isakmp key dmvpnkey address 0.0.0.0 no ip address
! no ip directed-broadcast
crypto ipsec transform-set dmvpnset esp-3des shutdown
! !
crypto ipsec profile dmvpnprofile router eigrp 100
set transform-set dmvpnset network 10.0.0.0 0.0.0.255
! network 10.2.0.0 0.0.0.255
interface Tunnel0 !
ip address 10.0.0.2 255.255.255.0 ip classless
ip nhrp map multicast 69.45.128.28 no ip http server
ip nhrp map 10.0.0.1 69.45.128.28 !
ip nhrp network-id 1 ip route 0.0.0.0 0.0.0.0 26.32.18.54
ip nhrp nhs 10.0.0.1 !
tunnel source Serial0/0 line con 0
tunnel mode gre multipoint line aux 0
tunnel protection ipsec profile dmvpnprofile line vty 0 4
! login
interface Loopback0 !
ip address 10.2.0.1 255.255.255.128 no scheduler allocate
no ip directed broadcast end
!

Copyright © 1996–2017 Boson Software, LLC. All rights reserved. NetSim software and documentation are protected by copyright law.

13 Boson NetSim Lab Manual