GM--GC pre-shared-key: cisco
REKEY-------RSA: cciekey
EIGRP authentication: ccie
STEP1: VRF configuration
GM side:
1.ip vrf xx
 rd xx:xx
2.int lo xx
 ip vrf forwarding xx
 ip add xx
3.int gi xx
 encapsulation dot1q xxx
 ip vrf forwarding xx
 ip add xxxx
 ip authentication mode eigrp xx md5
 ip authentication key-chain eigrp xx ccie
4.router eigrp xx
 address-family ipv4 vrf xxx
  network xxx
STEP2: GETVPN configuration
GC side:
! RSA key pair used to sign rekey messages
crypto key generate rsa label cciekey modulus 1024
crypto isakmp policy 10
 authentication pre-share
 group 2
 encryption 3des
! address 0.0.0.0 matches any peer
crypto isakmp key 0 cisco address 0.0.0.0
crypto ipsec transform-set TS esp-aes esp-sha-hmac
crypto ipsec profile IPSEC-P
 set transform-set TS
crypto gdoi group xx
 identity number xx
 server local
  address ipv4 xxxx
  rekey algorithm aes 128
  rekey authentication mypubkey rsa cciekey
  rekey transport unicast
  sa ipsec 1
   profile IPSEC-P
   match address ipv4 VPNA
! traffic to be encrypted by the group
ip access-list extended VPNA
 permit ip xx xxx xx xxx
GM side:
crypto keyring xx vrf xx
 pre-shared-key address xxx key xxx
! must match the ISAKMP policy on the GC
crypto isakmp policy 10
 authentication pre-share
 group 2
 encryption 3des
crypto gdoi group xxx
 identity number xx
 server address ipv4 xx
 client registration interface e0/2.20
crypto map xx 1 gdoi
 set group xx
int exxx
 crypto map xxx
Verify:
GC/GM----VRF------show ip eigrp vrf xxx neighbors
GC--------GETVPN---show crypto gdoi ks members
GM-------GETVPN----show crypto gdoi gm acl