DM***配置步骤

实验拓扑图：1.IP地址配置2.在R1、R3、R4上配置到ISP的默认路由（即到R2）R1: ip route 0.0.0.0 0.0.0.0 172.16.12.2R2: ip route 0.

.实验拓扑图：...1.IP地址配置...
..2.在R1、R3、R4上配置到ISP的默认路由（即到R2）....R1:    ip route 0.0.0.0 0.0.0.0 172.16.12.2..R2:    ip route 0.0.0.0 0.0.0.0 172.16.23.2..R3:    ip route 0.0.0.0 0.0.0.0 172.16.24.2..3.在R1、R3、R4上配置tunnel口和NHRP..  R1:...int tunnel 0..ip add 192.168.1.1 255.255.255.0..tunnel source f0/0..tunnel mode gre multipoint ..tunnel key 99..
..ip nhrp authentication cisco123..ip nhrp network-id 999..ip nhrp map multicast dynamic..  R3:...int tunnel 0..ip add 192.168.1.3 255.255.255.0..tunnel source f0/0..tunnel mode gre multipoint ..tunnel key 99..
..ip nhrp authentication cisco123..ip nhrp network-id 999..ip nhrp nhs 192.168.1.1..ip nhrp map multicast 172.16.12.1..ip nhrp map 192.168.1.1 172.16.12.1 ..  R4：...int tunnel 0..ip add 192.168.1.4 255.255.255.0..tunnel source f2/0..tunnel mode gre multipoint ..tunnel key 99..
..ip nhrp authentication cisco123..ip nhrp network-id 999..ip nhrp nhs 192.168.1.1..ip nhrp map multicast 172.16.12.1..ip nhrp map 192.168.1.1 172.16.12.1  ......4.在R1、R3、R4配置EIGRP..  R1：...router eigrp 10..no auto-summary..network 10.10.1.1 0.0.0.0..network 192.168.1.1 0.0.0.0...  R3：...router eigrp 10..no auto-summary..network 10.10.3.3 0.0.0.0..network 192.168.1.3 0.0.0.0...  R4：...router eigrp 10..no auto-summary..network 10.10.4.4 0.0.0.0..network 192.168.1.4 0.0.0.0...5.在R1上关闭水平分割，并把R3、R4之间的路由的下一跳指向正确的地址...no ip next-hop-self eigrp 10   *10为EIGRP进程号..no ip split-horizon eigrp 10   *关闭水平分割...
..   查看R1、R3、R4的OSPF邻居表....
....
....
..6.在R1、R3、R4上配置IPSec ×××..  R1:...crypto isakmp policy 10..encryption 3des..hash sha..authentication pre-share..group 2..crypto isakmp key ccna-ccnp add 0.0.0.0..exit..crypto ipsec transform-set ccie esp-3des esp-sha-hmac..
..crypto ipsec profile dm***..set transform-set ccie..
..int tunnel 0..tunnel protecion ipsec profile dm***...  R3:...crypto isakmp policy 10..encryption 3des..hash sha..authentication pre-share..group 2..crypto isakmp key ccna-ccnp add 0.0.0.0..exit..crypto ipsec transform-set ccie esp-3des esp-sha-hmac..
..crypto ipsec profile dm***..set transform-set ccie..
..int tunnel 0..tunnel protecion ipsec profile dm***...  R4:...crypto isakmp policy 10..encryption 3des..hash sha..authentication pre-share..group 2..crypto isakmp key ccna-ccnp add 0.0.0.0..exit..crypto ipsec transform-set ccie esp-3des esp-sha-hmac..
..crypto ipsec profile dm***..set transform-set ccie..
..int tunnel 0..tunnel protecion ipsec profile dm***...
..    注意：R1、R3、R4上都要配置IPSec ××× ！原因如下：..    如果只在R3、R4上配置IPSec，而R1上不配置IPSec。 R1、R3、R4 的EIGRP邻接关系会很快断开，这是因为，DM×××会加密所有通过tunnel口的数据包，包括EIGRP数据包，在R3和R4上发出的EIGRP hello包都已加密，而R1上没有配置IPSec，和R3、R4之间无法传递hello包。..
..7.show crypto isakmp sa..  R1:....  R3:....  R4:....  ..
..
..
..
..