Topologi
Objective. DMVPN kali ini akan kita autentikasikan dengan ip sec menggunakan metode isakmp aes 128, hashing sha, DH Group 2 IPsec esp-aes-256
Router 1
interface Loopback0
ip address 1.1.1.1 255.255.255.255
!
interface Tunnel0
ip address 10.10.10.1 255.255.255.0
no ip redirects
no ip next-hop-self eigrp 10
no ip split-horizon eigrp 10
ip nhrp map multicast dynamic
ip nhrp network-id 1
tunnel source 14.14.14.1
tunnel mode gre multipoint
!
interface Ethernet0/0
ip address 14.14.14.1 255.255.255.0
!
router eigrp 10
network 1.1.1.1 0.0.0.0
network 10.10.10.1 0.0.0.0
!
ip route 0.0.0.0 0.0.0.0 14.14.14.4!
interface Loopback0
ip address 2.2.2.2 255.255.255.255
!
interface Tunnel0
ip address 10.10.10.2 255.255.255.0
no ip redirects
ip nhrp map 10.10.10.1 14.14.14.1
ip nhrp map multicast 14.14.14.1
ip nhrp network-id 2
ip nhrp nhs 10.10.10.1
tunnel source 24.24.24.2
tunnel mode gre multipoint
!
interface Ethernet0/1
ip address 24.24.24.2 255.255.255.0
!
router eigrp 10
network 2.2.2.2 0.0.0.0
network 10.10.10.2 0.0.0.0
!
ip route 0.0.0.0 0.0.0.0 24.24.24.4
!
Router 3
interface Loopback0
ip address 3.3.3.3 255.255.255.255
!
interface Tunnel0
ip address 10.10.10.3 255.255.255.0
no ip redirects
ip nhrp map 10.10.10.1 14.14.14.1
ip nhrp map multicast 14.14.14.1
ip nhrp network-id 3
ip nhrp nhs 10.10.10.1
tunnel source 34.34.34.3
tunnel mode gre multipoint
!
interface Ethernet0/2
ip address 34.34.34.3 255.255.255.0
!
router eigrp 10
network 3.3.3.3 0.0.0.0
network 10.10.10.3 0.0.0.0
!
ip route 0.0.0.0 0.0.0.0 34.34.34.4
!
Router 4
interface Loopback0
ip address 4.4.4.4 255.255.255.255
!
interface Ethernet0/0
ip address 14.14.14.4 255.255.255.0
!
interface Ethernet0/1
ip address 24.24.24.4 255.255.255.0
!
interface Ethernet0/2
ip address 34.34.34.4 255.255.255.0
!
oke kita mulai konfigurasinya, pada konfigurasi kali saya akan menggunakan DMVPN phase II jadi jika router spoke akan berkomunikasi satu sama lain tidak perlu melewati router hub. Pertama kita buatkan terlebih dahulu profile dan policy nya, disini kita gunakan command crypto dan akan kita jadikan profile untuk autentikasi antar router spoke maupun hub.
oke sekarang mari kita verifikasi konfigurasi isakmp diatas dengan perintah "sh crypto isakmp sa" dan "sh crypto isakmp sa detail"
oke bisa kita lihat jika konfigurasi authentication ipsec yang kita lakukan diatas sudah aktif, itulah konfigurasinya semoga bermanfaat selamat mencoba sekian wasalamualaikum wr wb
