R1#sh running-config
!
no ip domain lookup
ip domain name wk.org
no ipv6 cef
!
multilink bundle-name authenticated
!
!
crypto pki token default removal timeout 0
!
redundancy
!
crypto isakmp policy 10
authentication pre-share
crypto isakmp key isakmp.p1.key address 100.100.100.2
crypto isakmp key isakmp.p1.key address 100.100.100.3
crypto isakmp key isakmp.p1.key address 100.100.100.4
crypto isakmp key isakmp.p1.key address 100.100.100.5
!
!
crypto ipsec transform-set wk esp-des esp-md5-hmac
!
crypto ipsec profile isp
set transform-set wk
!
crypto gdoi group mygroup
identity number 123
server local
rekey algorithm aes 256
rekey retransmit 10 number 2
rekey authentication mypubkey rsa getvpnkey
rekey transport unicast
sa ipsec 1
profile isp
match address ipv4 getvpntraffic
replay time window-size 3
address ipv4 100.100.100.1
redundancy
local priority 100
peer address ipv4 100.100.100.2
!
!
crypto map vpn 10 gdoi
set group mygroup
!
interface Loopback0
ip address 10.10.1.1 255.255.255.0
ip ospf network point-to-point
!
interface FastEthernet0/0
ip address 100.100.100.1 255.255.255.0
duplex auto
speed auto
crypto map vpn
!
router ospf 110
network 10.10.1.0 0.0.0.255 area 0
network 100.100.100.0 0.0.0.255 area 0
!
ip access-list extended getvpntraffic
permit ip 10.10.0.0 0.0.255.255 10.10.0.0 0.0.255.255
!
R2#sh running-config
!
crypto pki token default removal timeout 0
!
!
!
redundancy
!
!
!
!
crypto isakmp policy 10
authentication pre-share
crypto isakmp key isakmp.p1.key address 100.100.100.3
crypto isakmp key isakmp.p1.key address 100.100.100.1
crypto isakmp key isakmp.p1.key address 100.100.100.4
crypto isakmp key isakmp.p1.key address 100.100.100.5
!
!
crypto ipsec transform-set wk esp-des esp-md5-hmac
!
crypto ipsec profile isp
set transform-set wk
!
crypto gdoi group mygroup
identity number 123
server local
rekey algorithm aes 256
rekey retransmit 10 number 2
rekey authentication mypubkey rsa getvpnkey
rekey transport unicast
sa ipsec 1
profile isp
match address ipv4 getvpntraffic
replay time window-size 3
address ipv4 100.100.100.2
redundancy
local priority 25
peer address ipv4 100.100.100.1
!
!
interface Loopback0
ip address 10.10.2.1 255.255.255.0
ip ospf network point-to-point
!
interface FastEthernet0/0
ip address 100.100.100.2 255.255.255.0
duplex auto
speed auto
!
router ospf 110
network 10.10.2.0 0.0.0.255 area 0
network 100.100.100.0 0.0.0.255 area 0
!
ip access-list extended getvpntraffic
permit ip 10.10.0.0 0.0.255.255 10.10.0.0 0.0.255.255
!
R3#sh run
!
crypto pki token default removal timeout 0
!
!
!
redundancy
!
!
!
!
crypto isakmp policy 10
authentication pre-share
crypto isakmp key isakmp.p1.key address 100.100.100.1
crypto isakmp key isakmp.p1.key address 100.100.100.2
!
!
crypto gdoi group mygroup
identity number 123
server address ipv4 100.100.100.1
server address ipv4 100.100.100.2
!
!
crypto map vpn 10 gdoi
set group mygroup
match address gmacl
!
interface Loopback0
ip address 10.10.3.1 255.255.255.0
ip ospf network point-to-point
!
interface FastEthernet0/0
ip address 100.100.100.3 255.255.255.0
duplex auto
speed auto
crypto map vpn
!
router ospf 110
network 10.10.3.0 0.0.0.255 area 0
network 100.100.100.0 0.0.0.255 area 0
!
ip access-list extended gmacl
deny ip 10.10.3.0 0.0.0.255 10.10.1.0 0.0.0.255
!
R4#sh running-config
!
crypto pki token default removal timeout 0
!
!
!
redundancy
!
!
!
!
crypto isakmp policy 10
authentication pre-share
crypto isakmp key isakmp.p1.key address 100.100.100.1
crypto isakmp key isakmp.p1.key address 100.100.100.2
!
!
crypto gdoi group mygroup
identity number 123
server address ipv4 100.100.100.1
server address ipv4 100.100.100.2
!
!
crypto map vpn 10 gdoi
set group mygroup
!
!
interface Loopback0
ip address 10.10.4.1 255.255.255.0
ip ospf network point-to-point
!
interface FastEthernet0/0
ip address 100.100.100.4 255.255.255.0
duplex auto
speed auto
crypto map vpn
!
!
router ospf 110
network 10.10.4.0 0.0.0.255 area 0
network 100.100.100.0 0.0.0.255 area 0
!
R5#sh running-config
!
!
crypto pki token default removal timeout 0
!
!
!
redundancy
!
crypto isakmp policy 10
authentication pre-share
crypto isakmp key isakmp.p1.key address 100.100.100.1
crypto isakmp key isakmp.p1.key address 100.100.100.2
!
!
crypto gdoi group mygroup
identity number 123
server address ipv4 100.100.100.1
server address ipv4 100.100.100.2
!
!
crypto map vpn 10 gdoi
set group mygroup
!
!
interface Loopback0
ip address 10.10.5.1 255.255.255.0
ip ospf network point-to-point
!
interface FastEthernet0/0
ip address 100.100.100.5 255.255.255.0
duplex auto
speed auto
crypto map vpn
!
!
router ospf 110
network 10.10.5.0 0.0.0.255 area 0
network 100.100.100.0 0.0.0.255 area 0
!