FLEX VPN WITH NORMAL DMVPN



courtesy Ruchit


R1

hostname R1
crypto isakmp policy 10
  authentication pre-share
crypto isakmp key cisco address 0.0.0.0
crypto ipsec transform-set TSET esp-3des esp-md5-hmac
  mode tunnel
crypto ipsec profile dmvpn
  set transform-set TSET
interface Loopback0
  ip address 172.25.1.1 255.255.255.255|
interface Tunnel0
  ip address 192.168.1.1 255.255.255.0
  no ip redirects
  ip mtu 1400
  no ip next-hop-self eigrp 1
  no ip split-horizon eigrp 1
  ip nhrp authentication cisco123
  ip nhrp map multicast dynamic
  ip nhrp network-id 99
  tunnel source FastEthernet1/0
  tunnel mode gre multipoint
  tunnel key 123
  tunnel protection ipsec profile dmvpn shared
interface FastEthernet0/0
  no ip address
  shutdown
  duplex full
interface FastEthernet1/0
  ip address 10.1.1.1 255.255.255.0
  speed auto
  duplex auto
router eigrp 1
  network 172.25.0.0
  network 192.168.1.0
ip route 0.0.0.0 0.0.0.0 FastEthernet1/0

R2

hostname R2
crypto ikev2 proposal p1
  encryption aes-cbc-256
  integrity sha384
  group 24
!
crypto ikev2 policy policy1
  proposal p1
!
crypto ikev2 keyring key1
  peer r4
   address 10.1.3.4
   pre-shared-key cisco1
  !
  peer r5
   address 10.1.4.5
   pre-shared-key cis
!
crypto ikev2 profile pro1
  match identity remote address 0.0.0.0
  authentication remote pre-share
  authentication local pre-share
  keyring local key1
  dpd 10 2 on-demand
!
crypto ipsec profile vpn
  set ikev2-profile pro1
!
interface Loopback0
  ip address 172.25.2.1 255.255.255.255
!
interface Tunnel1
  ip address 192.168.2.1 255.255.255.0
  no ip redirects
  ip mtu 1400
  no ip next-hop-self eigrp 2
  no ip split-horizon eigrp 2
  ip nhrp authentication cisco12
  ip nhrp map multicast dynamic
  ip nhrp network-id 100
  tunnel source FastEthernet1/0
  tunnel mode gre multipoint
  tunnel key 456
  tunnel protection ipsec profile vpn
!
interface FastEthernet1/0
  ip address 10.1.2.2 255.255.255.0
  speed auto
  duplex auto
!
router eigrp 2
  network 172.25.0.0
  network 192.168.2.0
!
ip route 0.0.0.0 0.0.0.0 FastEthernet1/0


R3

hostname R3
!
interface FastEthernet1/0
  ip address 10.1.1.10 255.255.255.0
  speed auto
  duplex auto
!
interface FastEthernet1/1
  ip address 10.1.2.10 255.255.255.0
  speed auto
  duplex auto
!
interface FastEthernet2/0
  ip address 10.1.3.10 255.255.255.0
  speed auto
  duplex auto
!
interface FastEthernet2/1
  ip address 10.1.4.10 255.255.255.0
  speed auto
  duplex auto

R4

hostname R4
!
crypto ikev2 proposal p1
  encryption aes-cbc-256
  integrity sha384
  group 24
!
crypto ikev2 policy policy1
  proposal p1
!
crypto ikev2 keyring key1
  peer r2
   address 10.1.2.2
   pre-shared-key cisco1
!
crypto ikev2 profile pro1
  match identity remote address 10.1.2.2 255.255.255.255
  authentication remote pre-share
  authentication local pre-share
  keyring local key1
  dpd 10 2 on-demand
!
crypto isakmp policy 10
  authentication pre-share
crypto isakmp key cisco address 0.0.0.0
!
crypto ipsec transform-set TSET esp-3des esp-md5-hmac
  mode tunnel
!
crypto ipsec profile dmvpn
  set transform-set TSET
!
crypto ipsec profile vpn
  set ikev2-profile pro1
!
interface Loopback0
  ip address 172.16.3.1 255.255.255.255
!
interface Tunnel0
  ip address 192.168.1.4 255.255.255.0
  no ip redirects
  ip mtu 1400
  ip nhrp authentication cisco123
  ip nhrp map multicast 10.1.1.1
  ip nhrp map 192.168.1.1 10.1.1.1
  ip nhrp network-id 99
  ip nhrp nhs 192.168.1.1
  tunnel source FastEthernet1/0
  tunnel mode gre multipoint
  tunnel key 123
  tunnel protection ipsec profile dmvpn shared
!
interface Tunnel1
  ip address 192.168.2.4 255.255.255.0
  no ip redirects
  ip mtu 1400
  ip nhrp authentication cisco12
  ip nhrp map multicast 10.1.2.2
  ip nhrp map 192.168.2.1 10.1.2.2
  ip nhrp network-id 100
  ip nhrp nhs 192.168.2.1
  tunnel source FastEthernet1/0
  tunnel mode gre multipoint
  tunnel key 456
  tunnel protection ipsec profile vpn shared
!
interface FastEthernet1/0
  ip address 10.1.3.4 255.255.255.0
  speed auto
  duplex auto
!
!
router eigrp 1
  network 172.16.0.0
  network 192.168.1.0
!
!
router eigrp 2
  network 172.16.0.0
  network 192.168.2.0
!
ip route 0.0.0.0 0.0.0.0 FastEthernet1/0
!

R5

hostname R5
!
crypto ikev2 proposal p1
  encryption aes-cbc-256
  integrity sha384
  group 24
!
crypto ikev2 policy policy1
  proposal p1
!
crypto ikev2 keyring key1
  peer r2
   address 10.1.2.2
   pre-shared-key cis
  !
crypto ikev2 profile pro1
  match identity remote address 10.1.2.2 255.255.255.255
  authentication remote pre-share
  authentication local pre-share
  keyring local key1
  dpd 10 2 on-demand
!
crypto isakmp policy 10
  authentication pre-share
crypto isakmp key cisco address 0.0.0.0
!
crypto ipsec transform-set TSET esp-3des esp-md5-hmac
  mode tunnel
!
crypto ipsec profile dmvpn
  set transform-set TSET
!
crypto ipsec profile vpn
  set ikev2-profile pro1
!
interface Loopback0
  ip address 172.16.4.1 255.255.255.255
!
interface Tunnel0
  ip address 192.168.1.5 255.255.255.0
  no ip redirects
  ip mtu 1400
  ip nhrp authentication cisco123
  ip nhrp map multicast 10.1.1.1
  ip nhrp map 192.168.1.1 10.1.1.1
  ip nhrp network-id 99
  ip nhrp nhs 192.168.1.1
  tunnel source FastEthernet1/0
  tunnel mode gre multipoint
  tunnel key 123
  tunnel protection ipsec profile dmvpn shared
!
interface Tunnel1
  ip address 192.168.2.5 255.255.255.0
  no ip redirects
  ip mtu 1400
  ip nhrp authentication cisco12
  ip nhrp map multicast 10.1.2.2
  ip nhrp map 192.168.2.1 10.1.2.2
  ip nhrp network-id 100
  ip nhrp nhs 192.168.2.1
  tunnel source FastEthernet1/0
  tunnel mode gre multipoint
  tunnel key 456
  tunnel protection ipsec profile vpn shared
!
interface FastEthernet1/0
  ip address 10.1.4.5 255.255.255.0
  speed auto
  duplex auto
!
router eigrp 1
  network 172.16.0.0
  network 192.168.1.0
!
router eigrp 2
  network 172.16.0.0
  network 192.168.2.0
!
ip route 0.0.0.0 0.0.0.0 FastEthernet1/0
!