VRF-AWARE-----------------GETVPN配置

GM--GC的pre-shared-key cisco

REKEY-------RSA:cciekey

eigrp authentication:ccie

STEP1：VRF配置

GM端：

ip vrf xx

rd xx:xx

2.int lo xx

ip vrf forward xx

ip add xx

3.int gi xx

encapsulation dot1q xxx

ip vrf forward xx

ip add xxxx

ip authentication mode eigrp xx md5

ip authentication key-chain eigrp xx ccie

4.router eigrp xx

address-family ipv4 vrf xxx

network xxx

STEP2:GETVPN 配置

GC端

1. crypto key generate rsa label cciekey modules 1024

   crypto isakmp policy 10
   authen pre-share
   group 2
   encapsu 3des

   crypto isakmp key 0 cisco address 0.0.0.0

   crypto ipsec transform-set TS esp-aes esp-sha-hmac

   crypto ipsec profile IPSEC-P

   set transfor-set TS

   crypto gdo group xx

   identity number xx

   server local

   address ipv4 xxxx

   rekey al aes 128

   rekey authen mypubkey rsa cciekey

   rekey transport unicast

   sa ipsec 1

   match address ipv4 VPNA

   ip access-list VPNA

   permit ip xx xxx xx xxx

    

   GM端

   1. crypto keyring xx vrf xx

      pre-shared-key address xxx key xxx

      crypto isakmp policy 10

      authen pre

      group 2
      encapsu 3des

      crypto gdoi group xxx

      identity number xx

      server address ipv4 xx
      client registration int e0/2.20

      crypto map xx 1 gdoi
      set group xx

      int exxx

      crypto map xxx

       

       

       

      Verify:

      GC/GM----VRF------show ip eigrp vrf xxx neighbors

      GC--------GETVPN---show crypto gdoi ks members

      GM-------GETVPN----show crypto gdoi gm acl