Voice and Video Enabled IPSec VPN (V3PN) Solution Reference Network Design - Network Diagram Scalability Testbed and Configuration Files [Design Zone for IPv6]

Network Diagram Scalability Testbed and Configuration Files

This appendix contains configurations that were used during a V3PN performance and scalability evaluation based on the network illustrated in Figure A-1. Specific configurations address the following devices and supporting networking functions:

•Head-end VPN Router

•Branch VPN Router—Frame Relay

•Branch VPN Router—HDLC

Figure A-1 V3PN Solution Testbed Diagram

Head-end VPN Router

The configuration below was taken from the Cisco 7200 VPN Router being used as a head-end. In this configuration, QoS was enabled on a separate WAN aggregation device, not on the same router terminating VPN tunnels.

As the configuration is extremely large in its entirety (due to the repetition involved to configure all 244 branches being terminated), repetitive commands were removed and noted.

version 12.1

no service pad

service timestamps debug datetime msec localtime show-timezone

service timestamps log datetime msec localtime show-timezone

no service password-encryption

service compress-config

hostname vpn3-7200-2

boot system flash disk0:c7200-ik2s-mz.121-9.E.bin

logging buffered 65535 debugging

enable password cisco

clock timezone EST -5

clock summer-time EDT recurring

clock calendar-valid

ip subnet-zero

ip cef

no ip domain-lookup

ip ssh time-out 120

ip ssh authentication-retries 3

xsm

xsm privilege configuration level 15

xsm privilege monitor level 1

xsm vdm

xsm edm

no xsm history vdm

no xsm history edm

crypto isakmp policy 1

 encr 3des

 authentication pre-share

 group 2

crypto isakmp key bigsecret address 192.168.244.2

crypto isakmp key bigsecret address 192.168.242.2

<repetition removed>

crypto isakmp key bigsecret address 192.168.1.2

crypto ipsec transform-set vpn-test esp-3des esp-sha-hmac

crypto mib ipsec flowmib history tunnel size 200

crypto mib ipsec flowmib history failure size 200

crypto map static-map local-address FastEthernet1/0

crypto map static-map 1 ipsec-isakmp

 set peer 192.168.1.2

 set security-association lifetime seconds 86400

 set transform-set vpn-test

 set pfs group2

 match address vpn-static1

crypto map static-map 2 ipsec-isakmp

 set peer 192.168.2.2

 set security-association lifetime seconds 86400

set transform-set vpn-test

 set pfs group2

 match address vpn-static2

<repetition removed>

crypto map static-map 244 ipsec-isakmp

 set peer 192.168.244.2

 set security-association lifetime seconds 86400

 set transform-set vpn-test

 set pfs group2

 match address vpn-static244

controller ISA 2/1

buffers small permanent 2048

buffers small max-free 10240

buffers small min-free 512

buffers middle permanent 2048

buffers middle max-free 10240

buffers middle min-free 512

buffers big permanent 2048

buffers big max-free 10240

buffers big min-free 512

buffers verybig permanent 2048

buffers verybig max-free 10240

buffers verybig min-free 512

buffers large permanent 2048

buffers large max-free 10240

buffers large min-free 512

buffers huge permanent 128

buffers huge max-free 512

buffers huge min-free 32

interface Loopback0

 description Loopback0

 ip address 10.57.2.255 255.255.255.255

interface Tunnel1

 description vpn6-2600-1

 ip address 10.62.1.197 255.255.255.252

 ip summary-address eigrp 1 10.0.0.0 255.0.0.0 5

 load-interval 30

 delay 60000

 tunnel source 192.168.252.1

 tunnel destination 192.168.1.2

 crypto map static-map

interface Tunnel2

 description vpn6-2600-2

 ip address 10.62.2.197 255.255.255.252

 ip summary-address eigrp 1 10.0.0.0 255.0.0.0 5

 load-interval 30

 delay 60000

 tunnel source 192.168.252.1

 tunnel destination 192.168.2.2

 crypto map static-map

<repetition removed>

interface Tunnel244

 description vpn17-4200-2

 ip address 10.63.130.193 255.255.255.252

 ip summary-address eigrp 1 10.0.0.0 255.0.0.0 5

 load-interval 30

 tunnel source 192.168.252.1

 tunnel destination 192.168.244.2

 crypto map static-map

interface FastEthernet0/0

 description FastEthernet0/0

 ip address 172.26.156.18 255.255.254.0

 load-interval 30

 duplex full

interface FastEthernet1/0

 description FastEthernet1/0

 ip address 192.168.252.1 255.255.255.0

 load-interval 30

 duplex full

 speed 100

 crypto map static-map

interface FastEthernet1/1

 description FastEthernet1/1

 ip address 10.57.2.1 255.255.255.252

 load-interval 30

 duplex full

 speed 100

interface Hssi3/0

 ip address 192.168.253.10 255.255.255.252

 shutdown

 hssi internal-clock

 serial restart-delay 0

router eigrp 1

 passive-interface FastEthernet0/0

 passive-interface FastEthernet1/0

 network 10.0.0.0

 no auto-summary

 eigrp log-neighbor-changes

ip classless

ip route 0.0.0.0 0.0.0.0 192.168.252.2

ip route 172.26.0.0 255.255.0.0 172.26.156.1

no ip http server

ip access-list extended vpn-static1

 permit gre host 192.168.252.1 host 192.168.1.2

ip access-list extended vpn-static10

 permit gre host 192.168.252.1 host 192.168.10.2

ip access-list extended vpn-static100

 permit gre host 192.168.252.1 host 192.168.100.2

<repetition removed>

ip access-list extended vpn-static244

 permit gre host 192.168.252.1 host 192.168.244.2

logging trap debugging

logging 172.26.131.82

snmp-server community private RW

snmp-server community public RO

line con 0

 exec-timeout 0 0

 password cisco

 login

line aux 0

line vty 0 4

 exec-timeout 0 0

 password cisco

 login

line vty 5 15

 login

ntp clock-period 17179932

ntp server 172.26.156.1

end

Branch VPN Router—Frame Relay

The configuration shown below is from a Cisco 2651 VPN Router that was configured for V3PN. The Layer-2 technology used in this case was Frame Relay at a 1280 Kbps link speed.

! No configuration change since last restart

version 12.2

service timestamps debug datetime msec localtime show-timezone

service timestamps log datetime msec localtime show-timezone

no service password-encryption

hostname vpn12-2600-1

logging buffered 32768 debugging

enable password cisco

clock timezone EST -5

clock summer-time EDT recurring

ip subnet-zero

ip cef

no ip domain-lookup

ip audit notify log

ip audit po max-events 100

class-map match-all call-setup

  match ip precedence 3

class-map match-any mission-critical

  match ip precedence 2

  match ip precedence 6

class-map match-all voice

  match ip precedence 5

policy-map 1280kb

  class call-setup

   bandwidth percent 5

  class mission-critical

   bandwidth percent 22

  class voice

    priority 392

  class class-default

   fair-queue

crypto isakmp policy 1

 encr 3des

 authentication pre-share

 group 2

crypto isakmp key bigsecret address 192.168.252.1

crypto isakmp key bigsecret address 192.168.251.1

crypto ipsec transform-set vpn-test esp-3des esp-sha-hmac

crypto map static-map local-address Serial0/0.1

crypto map static-map 10 ipsec-isakmp

 set peer 192.168.252.1

 set transform-set vpn-test

 match address vpn-static1

crypto map static-map 20 ipsec-isakmp

 set peer 192.168.251.1

 set transform-set vpn-test

 match address vpn-static2

fax interface-type fax-mail

mta receive maximum-recipients 0

interface Loopback0

 ip address 10.63.21.254 255.255.255.255

interface Tunnel0

 description Tunnel0

 ip address 10.63.21.194 255.255.255.252

 ip summary-address eigrp 1 10.63.21.0 255.255.255.0 5

 load-interval 30

 qos pre-classify

 tunnel source 192.168.181.2

 tunnel destination 192.168.252.1

 crypto map static-map

interface Tunnel1

 description Tunnel1

 ip address 10.63.21.198 255.255.255.252

 ip summary-address eigrp 1 10.63.21.0 255.255.255.0 5

 load-interval 30

 delay 60000

 qos pre-classify

 tunnel source 192.168.181.2

 tunnel destination 192.168.251.1

 crypto map static-map

interface FastEthernet0/0

 description FastEthernet0/0

 ip address 172.26.157.181 255.255.254.0

 no ip proxy-arp

 no ip mroute-cache

load-interval 30

 speed auto

 half-duplex

interface Serial0/0

 description Serial0/0

 bandwidth 1280

 no ip address

 encapsulation frame-relay

 no ip mroute-cache

 logging event subif-link-status

 logging event dlci-status-change

 load-interval 30

 no fair-queue

 frame-relay traffic-shaping

interface Serial0/0.1 point-to-point

 description Serial0/0.1

 bandwidth 1280

 ip address 192.168.181.2 255.255.255.252

 no ip mroute-cache

 frame-relay interface-dlci 101

  class 1280kb

 crypto map static-map

interface FastEthernet0/1

 description FastEthernet0/1

 ip address 10.63.21.1 255.255.255.128

 no ip mroute-cache

 load-interval 30

 speed 10

 full-duplex

router eigrp 1

 passive-interface Serial0/0

 passive-interface Serial0/0.1

 passive-interface FastEthernet0/1

 network 10.0.0.0

 no auto-summary

 eigrp log-neighbor-changes

ip default-gateway 192.168.181.1

ip classless

ip route 0.0.0.0 0.0.0.0 192.168.181.1

ip route 10.63.21.200 255.255.255.255 10.63.21.2

no ip http server

ip pim bidir-enable

ip access-list extended vpn-static1

 permit gre host 192.168.181.2 host 192.168.252.1

ip access-list extended vpn-static2

 permit gre host 192.168.181.2 host 192.168.251.1

map-class frame-relay 1280kb

 no frame-relay adaptive-shaping

 frame-relay cir 1216000

 frame-relay bc 12160

 frame-relay be 0

 frame-relay mincir 1216000

 service-policy output 1280kb

snmp-server engineID local 000000090200000628DBD3E0

snmp-server community private RW

snmp-server community public RO

call rsvp-sync

mgcp profile default

dial-peer cor custom

line con 0

 exec-timeout 0 0

line aux 0

line vty 0 4

 exec-timeout 0 0

 password cisco

 login

 length 30

line vty 5 15

 login

ntp clock-period 17208540

ntp server 172.26.156.1

end

Branch VPN Router—HDLC

The configuration shown below is from a Cisco 1751 VPN Router that was configured for V3PN. The Layer-2 technology used in this case was HDLC at an E1 link speed.

! No configuration change since last restart

version 12.2

service timestamps debug datetime msec localtime show-timezone

service timestamps log datetime msec localtime show-timezone

no service password-encryption

hostname vpn17-1700-1

logging buffered 65535 debugging

enable password cisco

clock timezone EST -5

clock summer-time EDT recurring

mmi polling-interval 60

no mmi auto-configure

no mmi pvc

mmi snmp-timeout 180

ip subnet-zero

no ip domain-lookup

ip audit notify log

ip audit po max-events 100

ip cef

ip ssh time-out 120

ip ssh authentication-retries 3

class-map match-all call-setup

  match ip precedence 3

class-map match-any mission-critical

  match ip precedence 2

  match ip precedence 6

class-map match-all voice

  match ip precedence 5

policy-map 2048kb

  class mission-critical

   bandwidth percent 22

  class voice

    priority 672

  class call-setup

   bandwidth percent 5

  class class-default

   fair-queue

crypto isakmp policy 1

 encr 3des

 authentication pre-share

 group 2

crypto isakmp key bigsecret address 192.168.251.1

crypto isakmp key bigsecret address 192.168.252.1

crypto ipsec transform-set vpn-test esp-3des esp-sha-hmac

crypto map static-map local-address Serial1/0

crypto map static-map 10 ipsec-isakmp

 set peer 192.168.251.1

 set transform-set vpn-test

 match address vpn-static1

crypto map static-map 20 ipsec-isakmp

 set peer 192.168.252.1

 set transform-set vpn-test

 match address vpn-static2

interface Loopback0

 ip address 10.63.100.254 255.255.255.255

interface Tunnel0

 description Tunnel0

 ip address 10.63.100.198 255.255.255.252

 ip summary-address eigrp 1 10.63.100.0 255.255.255.0 5

 load-interval 30

 delay 60000

 qos pre-classify

 tunnel source 192.168.236.2

 tunnel destination 192.168.251.1

 crypto map static-map

interface Tunnel1

 description Tunnel1

 ip address 10.63.100.194 255.255.255.252

 ip summary-address eigrp 1 10.63.100.0 255.255.255.0 5

 load-interval 30

 qos pre-classify

 tunnel source 192.168.236.2

 tunnel destination 192.168.252.1

 crypto map static-map

interface Ethernet0/0

 description FlashNet

 ip address 172.26.157.253 255.255.254.0

 half-duplex

interface FastEthernet0/0

 description FastEthernet0/0

 ip address 10.63.100.1 255.255.255.128

 load-interval 30

 speed 100

 full-duplex

interface Serial1/0

 description Serial1/0

 bandwidth 2048

 ip address 192.168.236.2 255.255.255.252

 no ip mroute-cache

 load-interval 30

 service-policy output 2048kb

 crypto map static-map

router eigrp 1

 network 10.0.0.0

 no auto-summary

 eigrp log-neighbor-changes

ip classless

ip route 0.0.0.0 0.0.0.0 192.168.236.1

ip route 172.18.0.0 255.255.0.0 172.26.156.1

ip route 172.26.0.0 255.255.0.0 172.26.156.1

no ip http server

ip pim bidir-enable

ip access-list extended vpn-static1

 permit gre host 192.168.236.2 host 192.168.251.1

ip access-list extended vpn-static2

 permit gre host 192.168.236.2 host 192.168.252.1

snmp-server engineID local 0000000902000003E38D8C20

snmp-server community private RW

snmp-server community public RO

line con 0

 exec-timeout 0 0

line aux 0

line vty 0 4

 exec-timeout 0 0

 password cisco

 login

no scheduler allocate

ntp clock-period 17180765

ntp server 172.26.156.1

end

	Voice and Video Enabled IPSec VPN (V3PN) Solution Reference Network Design
	Network Diagram Scalability Testbed and Configuration Files
Voice and Video Enabled IPSec VPN (V3PN) Solution Reference Network Design Preface V3PN SRND Introduction V3PN Solution Overview and Best Practices V3PN Solution Components Planning and Design Product Selection Implementation and Configuration Verification and Troubleshooting Network Diagram Scalability Testbed and Configuration Files Configuration Supplement--Voice Module, EIGRP Stub, DSCP, HDLC Configuration Supplement--Dynamic Crypto Maps, Reverse Route Injection	Download this chapter Network Diagram Scalability Testbed and Configuration Files Download the complete book V3PN.pdf (PDF - 2 MB) Table Of Contents Network Diagram Scalability Testbed and Configuration Files Head-end VPN Router Branch VPN Router—Frame Relay Branch VPN Router—HDLC Network Diagram Scalability Testbed and Configuration Files This appendix contains configurations that were used during a V3PN performance and scalability evaluation based on the network illustrated in Figure A-1. Specific configurations address the following devices and supporting networking functions: •Head-end VPN Router •Branch VPN Router—Frame Relay •Branch VPN Router—HDLC Figure A-1 V3PN Solution Testbed Diagram Head-end VPN Router The configuration below was taken from the Cisco 7200 VPN Router being used as a head-end. In this configuration, QoS was enabled on a separate WAN aggregation device, not on the same router terminating VPN tunnels. As the configuration is extremely large in its entirety (due to the repetition involved to configure all 244 branches being terminated), repetitive commands were removed and noted. ! version 12.1 no service pad service timestamps debug datetime msec localtime show-timezone service timestamps log datetime msec localtime show-timezone no service password-encryption service compress-config ! hostname vpn3-7200-2 ! boot system flash disk0:c7200-ik2s-mz.121-9.E.bin logging buffered 65535 debugging enable password cisco ! clock timezone EST -5 clock summer-time EDT recurring clock calendar-valid ip subnet-zero ip cef ! no ip domain-lookup ! ip ssh time-out 120 ip ssh authentication-retries 3 ! xsm xsm privilege configuration level 15 xsm privilege monitor level 1 xsm vdm xsm edm no xsm history vdm no xsm history edm ! ! crypto isakmp policy 1 encr 3des authentication pre-share group 2 crypto isakmp key bigsecret address 192.168.244.2 crypto isakmp key bigsecret address 192.168.242.2 . <repetition removed> . crypto isakmp key bigsecret address 192.168.1.2 ! ! crypto ipsec transform-set vpn-test esp-3des esp-sha-hmac crypto mib ipsec flowmib history tunnel size 200 crypto mib ipsec flowmib history failure size 200 ! crypto map static-map local-address FastEthernet1/0 crypto map static-map 1 ipsec-isakmp set peer 192.168.1.2 set security-association lifetime seconds 86400 set transform-set vpn-test set pfs group2 match address vpn-static1 crypto map static-map 2 ipsec-isakmp set peer 192.168.2.2 set security-association lifetime seconds 86400 set transform-set vpn-test set pfs group2 match address vpn-static2 . <repetition removed> . crypto map static-map 244 ipsec-isakmp set peer 192.168.244.2 set security-association lifetime seconds 86400 set transform-set vpn-test set pfs group2 match address vpn-static244 ! controller ISA 2/1 ! buffers small permanent 2048 buffers small max-free 10240 buffers small min-free 512 buffers middle permanent 2048 buffers middle max-free 10240 buffers middle min-free 512 buffers big permanent 2048 buffers big max-free 10240 buffers big min-free 512 buffers verybig permanent 2048 buffers verybig max-free 10240 buffers verybig min-free 512 buffers large permanent 2048 buffers large max-free 10240 buffers large min-free 512 buffers huge permanent 128 buffers huge max-free 512 buffers huge min-free 32 ! ! interface Loopback0 description Loopback0 ip address 10.57.2.255 255.255.255.255 ! interface Tunnel1 description vpn6-2600-1 ip address 10.62.1.197 255.255.255.252 ip summary-address eigrp 1 10.0.0.0 255.0.0.0 5 load-interval 30 delay 60000 tunnel source 192.168.252.1 tunnel destination 192.168.1.2 crypto map static-map ! interface Tunnel2 description vpn6-2600-2 ip address 10.62.2.197 255.255.255.252 ip summary-address eigrp 1 10.0.0.0 255.0.0.0 5 load-interval 30 delay 60000 tunnel source 192.168.252.1 tunnel destination 192.168.2.2 crypto map static-map . <repetition removed> . interface Tunnel244 description vpn17-4200-2 ip address 10.63.130.193 255.255.255.252 ip summary-address eigrp 1 10.0.0.0 255.0.0.0 5 load-interval 30 tunnel source 192.168.252.1 tunnel destination 192.168.244.2 crypto map static-map ! interface FastEthernet0/0 description FastEthernet0/0 ip address 172.26.156.18 255.255.254.0 load-interval 30 duplex full ! interface FastEthernet1/0 description FastEthernet1/0 ip address 192.168.252.1 255.255.255.0 load-interval 30 duplex full speed 100 crypto map static-map ! interface FastEthernet1/1 description FastEthernet1/1 ip address 10.57.2.1 255.255.255.252 load-interval 30 duplex full speed 100 ! interface Hssi3/0 ip address 192.168.253.10 255.255.255.252 shutdown hssi internal-clock serial restart-delay 0 ! router eigrp 1 passive-interface FastEthernet0/0 passive-interface FastEthernet1/0 network 10.0.0.0 no auto-summary eigrp log-neighbor-changes ! ip classless ip route 0.0.0.0 0.0.0.0 192.168.252.2 ip route 172.26.0.0 255.255.0.0 172.26.156.1 no ip http server ! ! ip access-list extended vpn-static1 permit gre host 192.168.252.1 host 192.168.1.2 ip access-list extended vpn-static10 permit gre host 192.168.252.1 host 192.168.10.2 ip access-list extended vpn-static100 permit gre host 192.168.252.1 host 192.168.100.2 . <repetition removed> . ip access-list extended vpn-static244 permit gre host 192.168.252.1 host 192.168.244.2 logging trap debugging logging 172.26.131.82 snmp-server community private RW snmp-server community public RO ! line con 0 exec-timeout 0 0 password cisco login line aux 0 line vty 0 4 exec-timeout 0 0 password cisco login line vty 5 15 login ! ntp clock-period 17179932 ntp server 172.26.156.1 end ! Branch VPN Router—Frame Relay The configuration shown below is from a Cisco 2651 VPN Router that was configured for V3PN. The Layer-2 technology used in this case was Frame Relay at a 1280 Kbps link speed. ! ! No configuration change since last restart ! version 12.2 service timestamps debug datetime msec localtime show-timezone service timestamps log datetime msec localtime show-timezone no service password-encryption ! hostname vpn12-2600-1 ! logging buffered 32768 debugging enable password cisco ! clock timezone EST -5 clock summer-time EDT recurring ip subnet-zero ip cef ! no ip domain-lookup ! ip audit notify log ip audit po max-events 100 ! class-map match-all call-setup match ip precedence 3 class-map match-any mission-critical match ip precedence 2 match ip precedence 6 class-map match-all voice match ip precedence 5 ! policy-map 1280kb class call-setup bandwidth percent 5 class mission-critical bandwidth percent 22 class voice priority 392 class class-default fair-queue ! crypto isakmp policy 1 encr 3des authentication pre-share group 2 crypto isakmp key bigsecret address 192.168.252.1 crypto isakmp key bigsecret address 192.168.251.1 ! ! crypto ipsec transform-set vpn-test esp-3des esp-sha-hmac ! crypto map static-map local-address Serial0/0.1 crypto map static-map 10 ipsec-isakmp set peer 192.168.252.1 set transform-set vpn-test match address vpn-static1 crypto map static-map 20 ipsec-isakmp set peer 192.168.251.1 set transform-set vpn-test match address vpn-static2 ! ! fax interface-type fax-mail mta receive maximum-recipients 0 ! ! interface Loopback0 ip address 10.63.21.254 255.255.255.255 ! interface Tunnel0 description Tunnel0 ip address 10.63.21.194 255.255.255.252 ip summary-address eigrp 1 10.63.21.0 255.255.255.0 5 load-interval 30 qos pre-classify tunnel source 192.168.181.2 tunnel destination 192.168.252.1 crypto map static-map ! interface Tunnel1 description Tunnel1 ip address 10.63.21.198 255.255.255.252 ip summary-address eigrp 1 10.63.21.0 255.255.255.0 5 load-interval 30 delay 60000 qos pre-classify tunnel source 192.168.181.2 tunnel destination 192.168.251.1 crypto map static-map ! ! interface FastEthernet0/0 description FastEthernet0/0 ip address 172.26.157.181 255.255.254.0 no ip proxy-arp no ip mroute-cache load-interval 30 speed auto half-duplex ! interface Serial0/0 description Serial0/0 bandwidth 1280 no ip address encapsulation frame-relay no ip mroute-cache logging event subif-link-status logging event dlci-status-change load-interval 30 no fair-queue frame-relay traffic-shaping ! interface Serial0/0.1 point-to-point description Serial0/0.1 bandwidth 1280 ip address 192.168.181.2 255.255.255.252 no ip mroute-cache frame-relay interface-dlci 101 class 1280kb crypto map static-map ! interface FastEthernet0/1 description FastEthernet0/1 ip address 10.63.21.1 255.255.255.128 no ip mroute-cache load-interval 30 speed 10 full-duplex ! router eigrp 1 passive-interface Serial0/0 passive-interface Serial0/0.1 passive-interface FastEthernet0/1 network 10.0.0.0 no auto-summary eigrp log-neighbor-changes ! ip default-gateway 192.168.181.1 ip classless ip route 0.0.0.0 0.0.0.0 192.168.181.1 ip route 10.63.21.200 255.255.255.255 10.63.21.2 no ip http server ip pim bidir-enable ! ip access-list extended vpn-static1 permit gre host 192.168.181.2 host 192.168.252.1 ip access-list extended vpn-static2 permit gre host 192.168.181.2 host 192.168.251.1 ! map-class frame-relay 1280kb no frame-relay adaptive-shaping frame-relay cir 1216000 frame-relay bc 12160 frame-relay be 0 frame-relay mincir 1216000 service-policy output 1280kb ! snmp-server engineID local 000000090200000628DBD3E0 snmp-server community private RW snmp-server community public RO call rsvp-sync ! mgcp profile default ! dial-peer cor custom ! line con 0 exec-timeout 0 0 line aux 0 line vty 0 4 exec-timeout 0 0 password cisco login length 30 line vty 5 15 login ! ntp clock-period 17208540 ntp server 172.26.156.1 ! end ! Branch VPN Router—HDLC The configuration shown below is from a Cisco 1751 VPN Router that was configured for V3PN. The Layer-2 technology used in this case was HDLC at an E1 link speed. ! ! No configuration change since last restart ! version 12.2 service timestamps debug datetime msec localtime show-timezone service timestamps log datetime msec localtime show-timezone no service password-encryption ! hostname vpn17-1700-1 ! logging buffered 65535 debugging enable password cisco ! clock timezone EST -5 clock summer-time EDT recurring mmi polling-interval 60 no mmi auto-configure no mmi pvc mmi snmp-timeout 180 ip subnet-zero ! ! no ip domain-lookup ! ip audit notify log ip audit po max-events 100 ip cef ip ssh time-out 120 ip ssh authentication-retries 3 ! class-map match-all call-setup match ip precedence 3 class-map match-any mission-critical match ip precedence 2 match ip precedence 6 class-map match-all voice match ip precedence 5 ! ! policy-map 2048kb class mission-critical bandwidth percent 22 class voice priority 672 class call-setup bandwidth percent 5 class class-default fair-queue ! crypto isakmp policy 1 encr 3des authentication pre-share group 2 crypto isakmp key bigsecret address 192.168.251.1 crypto isakmp key bigsecret address 192.168.252.1 ! ! crypto ipsec transform-set vpn-test esp-3des esp-sha-hmac ! crypto map static-map local-address Serial1/0 crypto map static-map 10 ipsec-isakmp set peer 192.168.251.1 set transform-set vpn-test match address vpn-static1 crypto map static-map 20 ipsec-isakmp set peer 192.168.252.1 set transform-set vpn-test match address vpn-static2 ! ! interface Loopback0 ip address 10.63.100.254 255.255.255.255 ! interface Tunnel0 description Tunnel0 ip address 10.63.100.198 255.255.255.252 ip summary-address eigrp 1 10.63.100.0 255.255.255.0 5 load-interval 30 delay 60000 qos pre-classify tunnel source 192.168.236.2 tunnel destination 192.168.251.1 crypto map static-map ! ! interface Tunnel1 description Tunnel1 ip address 10.63.100.194 255.255.255.252 ip summary-address eigrp 1 10.63.100.0 255.255.255.0 5 load-interval 30 qos pre-classify tunnel source 192.168.236.2 tunnel destination 192.168.252.1 crypto map static-map ! interface Ethernet0/0 description FlashNet ip address 172.26.157.253 255.255.254.0 half-duplex ! interface FastEthernet0/0 description FastEthernet0/0 ip address 10.63.100.1 255.255.255.128 load-interval 30 speed 100 full-duplex ! interface Serial1/0 description Serial1/0 bandwidth 2048 ip address 192.168.236.2 255.255.255.252 no ip mroute-cache load-interval 30 service-policy output 2048kb crypto map static-map ! router eigrp 1 network 10.0.0.0 no auto-summary eigrp log-neighbor-changes ! ip classless ip route 0.0.0.0 0.0.0.0 192.168.236.1 ip route 172.18.0.0 255.255.0.0 172.26.156.1 ip route 172.26.0.0 255.255.0.0 172.26.156.1 no ip http server ip pim bidir-enable ! ! ip access-list extended vpn-static1 permit gre host 192.168.236.2 host 192.168.251.1 ip access-list extended vpn-static2 permit gre host 192.168.236.2 host 192.168.252.1 ! ! snmp-server engineID local 0000000902000003E38D8C20 snmp-server community private RW snmp-server community public RO ! line con 0 exec-timeout 0 0 line aux 0 line vty 0 4 exec-timeout 0 0 password cisco login ! no scheduler allocate ntp clock-period 17180765 ntp server 172.26.156.1 end !
	Terms & Conditions \| Privacy Statement \| Cookie Policy \| Trademarks

Table Of Contents

Network Diagram Scalability Testbed and Configuration Files

Head-end VPN Router

Branch VPN Router—Frame Relay

Branch VPN Router—HDLC