Configuración de túneles GRE Seguros (Hub and Spoke).
Se omitir la configuración de los túneles GRE y de EIGRP, los cuales pueden ser observados en http://www.lesand.cl/laboratorio/ccnp-route-gre. Se utilizará IPSEC
DP-H1(config)# crypto isakmp policy 10
DP-H1(config-isakmp)# authentication pre-share
DP-H1(config-isakmp)# encryption 3des
DP-H1(config-isakmp)# hash md5
DP-H1(config-isakmp)# group 2
DP-H1(config-isakmp)# lifetime 86000
DP-H1(config)#crypto isakmp key ASD123 address 190.1.0.2
DP-H1(config)#crypto isakmp key ASD123 address 190.2.0.2
DP-H1(config)#crypto isakmp key ASD123 address 190.3.0.2
DP-H1(config)#crypto ipsec transform-set TSET esp-3des esp-md5-hmac
DP-H1(cfg-crypto-trans)#ip access-list extended VPN1
DP-H1(config-ext-nacl)# permit gre host 190.200.0.2 host 190.1.0.2
DP-H1(config-ext-nacl)#ip access-list extended VPN2
DP-H1(config-ext-nacl)# permit gre host 190.200.0.2 host 190.2.0.2
DP-H1(config-ext-nacl)#ip access-list extended VPN3
DP-H1(config-ext-nacl)# permit gre host 190.200.0.2 host 190.3.0.2
DP-H1(config-ext-nacl)#crypto map MAPA 10 ipsec-isakmp
DP-H1(config-crypto-map)# match address VPN1
DP-H1(config-crypto-map)# set transform-set TSET
DP-H1(config-crypto-map)# set peer 190.1.0.2
DP-H1(config-crypto-map)#crypto map MAPA 20 ipsec-isakmp
DP-H1(config-crypto-map)# match address VPN2
DP-H1(config-crypto-map)# set transform-set TSET
DP-H1(config-crypto-map)# set peer 190.2.0.2
DP-H1(config-crypto-map)#crypto map MAPA 30 ipsec-isakmp
DP-H1(config-crypto-map)# match address VPN3
DP-H1(config-crypto-map)# set transform-set TSET
DP-H1(config-crypto-map)# set peer 190.3.0.2
DP-H1(config-crypto-map)# int fa0/0
DP-H1(config-if)# crypto map MAPA
DP-S1(config-router)# crypto isakmp policy 10
DP-S1(config-isakmp)# authentication pre-share
DP-S1(config-isakmp)# encryption 3des
DP-S1(config-isakmp)# hash md5
DP-S1(config-isakmp)# group 2
DP-S1(config-isakmp)# lifetime 86000
DP-S1(config-isakmp)#crypto isakmp key ASD123 address 190.200.0.2
DP-S1(config)#crypto ipsec transform-set TSET esp-3des esp-md5-hmac
DP-S1(config)#ip access-list extended VPN
DP-S1(config-ext-nacl)# permit gre host 190.1.0.2 host 190.200.0.2
DP-S1(config-ext-nacl)#crypto map MAPA 10 ipsec-isakmp
DP-S1(config-crypto-map)# match address VPN
DP-S1(config-crypto-map)# set transform-set TSET
DP-S1(config-crypto-map)# set peer 190.200.0.2
DP-S1(config-crypto-map)# int fa0/0
DP-S1(config-if)# crypto map MAPA
DP-S2(config-router)# crypto isakmp policy 10
DP-S2(config-isakmp)# authentication pre-share
DP-S2(config-isakmp)# encryption 3des
DP-S2(config-isakmp)# hash md5
DP-S2(config-isakmp)# group 2
DP-S2(config-isakmp)# lifetime 86000
DP-S2(config-isakmp)#crypto isakmp key ASD123 address 190.200.0.2
DP-S2(config)#crypto ipsec transform-set TSET esp-3des esp-md5-hmac
DP-S2(config)#ip access-list extended VPN
DP-S2(config-ext-nacl)# permit gre host 190.2.0.2 host 190.200.0.2
DP-S2(config-ext-nacl)#crypto map MAPA 10 ipsec-isakmp
DP-S2(config-crypto-map)# match address VPN
DP-S2(config-crypto-map)# set transform-set TSET
DP-S2(config-crypto-map)# set peer 190.200.0.2
DP-S2(config-crypto-map)# int fa0/0
DP-S2(config-if)# crypto map MAPA
DP-S3(config-router)# crypto isakmp policy 10
DP-S3(config-isakmp)# authentication pre-share
DP-S3(config-isakmp)# encryption 3des
DP-S3(config-isakmp)# hash md5
DP-S3(config-isakmp)# group 2
DP-S3(config-isakmp)# lifetime 86000
DP-S3(config-isakmp)#crypto isakmp key ASD123 address 190.200.0.2
DP-S3(config)#crypto ipsec transform-set TSET esp-3des esp-md5-hmac
DP-S3(config)#ip access-list extended VPN
DP-S3(config-ext-nacl)# permit gre host 190.3.0.2 host 190.200.0.2
DP-S3(config-ext-nacl)#crypto map MAPA 10 ipsec-isakmp
DP-S3(config-crypto-map)# match address VPN
DP-S3(config-crypto-map)# set transform-set TSET
DP-S3(config-crypto-map)# set peer 190.200.0.2
DP-S3(config-crypto-map)# int fa0/0
DP-S3(config-if)# crypto map MAPA