Dynamic Multipoint VPN (DMVPN) Design Guide (Version 1.1)
Scalability Test Bed Configuration Files
Downloads: This chapterpdf (PDF - 440.0KB) The complete bookPDF (PDF - 2.43MB) | Feedback

Scalability Test Bed Configuration Files

Table Of Contents

Scalability Test Bed Configuration Files

Cisco 7200VXR/NPE-G1/SA-VAM2 Headend Configuration

Cisco ASR1004 Headend Configuration

Cisco 7600/Sup720/VPN SPA Headend Configuration

Cisco 7200VXR/Cisco 7600 Dual Tier Architecture Headend Configuration

Tier #1 (mGRE)

Tier #2 (IPsec)

Cisco ISR Branch Office Configuration


Scalability Test Bed Configuration Files


The configurations for the central and branch sites are listed below in the following sections. These configurations have been extracted from real configurations used in Cisco scalability testing, and are provided as a reference only.

Cisco 7200VXR/NPE-G1/SA-VAM2 Headend Configuration

There are two headend devices in the test bed, each configured with one mGRE tunnel. A dual hub-dual DMVPN cloud design is assumed. The configuration shown below is an excerpt of the first headend and does not show the entire configuration. Pre-shared keys with a wildcard address are used at the headend for simplicity of the ISAKMP authentication, although this is not recommended for customer use.

Headend #1:

ip cef
!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key bigsecret address 0.0.0.0 0.0.0.0
!
crypto ipsec transform-set vpn-test esp-3des esp-sha-hmac 
no crypto ipsec nat-transparency udp-encaps
!
crypto ipsec profile vpn-dmvpn
 set transform-set vpn-test 
!
interface Loopback0
 description Loopback0
 ip address 10.57.1.255 255.255.255.255
!
interface Tunnel0
 description Tunnel0
 bandwidth 1000000
 ip address 10.56.0.1 255.255.252.0
 no ip redirects
 ip hold-time eigrp 1 35
 ip nhrp authentication test
 ip nhrp map multicast dynamic
 ip nhrp network-id 105600
 ip nhrp holdtime 600
 no ip split-horizon eigrp 1
 ip summary-address eigrp 1 10.0.0.0 255.0.0.0 5
 tunnel source GigabitEthernet0/1
 tunnel mode gre multipoint
 tunnel key 105600
 tunnel protection ipsec profile vpn-dmvpn
! 
interface GigabitEthernet0/1
 description GigabitEthernet0/1
 ip address 192.168.251.1 255.255.255.248
 duplex auto
 speed auto
 media-type gbic
 negotiation auto
!
interface GigabitEthernet0/2
 description GigabitEthernet0/2
 ip address 10.57.1.1 255.255.255.248
 duplex auto
 speed auto
 media-type gbic
 negotiation auto
!
router eigrp 1
 network 10.0.0.0
 no auto-summary
!
ip route 192.168.0.0 255.255.0.0 192.168.251.2
!

Cisco ASR1004 Headend Configuration

This configuration is for the Cisco ASR1004, where the ASR is aggregating 1000 DMVPN hub-and-spoke tunnels.

Headend #1:

boot-start-marker
boot system flash bootflash:asr1000rp1-adventerprisek9.02.01.00.122-33.XNA.bin
boot-end-marker
!
vrf definition Mgmt-intf
 !
 address-family ipv4
 exit-address-family
 !
 address-family ipv6
 exit-address-family
!
logging buffered 1024000
enable password cisco
!
no aaa new-model
clock timezone EST -5
clock summer-time EDT recurring
ip subnet-zero
no ip ftp passive
ip ftp source-interface GigabitEthernet0
ip tftp source-interface GigabitEthernet0
no ip domain lookup
!
!
!
!
!
multilink bundle-name authenticated
!
!
!
redundancy
 mode sso
 no policy config-sync bulk prc reload
!
!
! 
!
crypto isakmp policy 10
 encr aes 256
 authentication pre-share
 group 2
crypto isakmp key bigsecret address 0.0.0.0 0.0.0.0
crypto isakmp keepalive 10
!
!
crypto ipsec transform-set vpn-test esp-aes esp-sha-hmac 
!
crypto ipsec profile vpn-dmvpn
 set transform-set vpn-test 
!
!
!
buffers tune automatic
!
!
!
interface Tunnel0
 description Tunnel0
 bandwidth 100000
 ip address 10.56.0.1 255.255.248.0
 no ip redirects
 ip hold-time eigrp 1 35
 no ip next-hop-self eigrp 1
 ip nhrp authentication test
 ip nhrp map multicast dynamic
 ip nhrp network-id 105600
 ip nhrp holdtime 1800
 ip nhrp registration timeout 120
 no ip split-horizon eigrp 1
 load-interval 30
 qos pre-classify
 tunnel source Loopback0
 tunnel mode gre multipoint
 tunnel key 105600
 tunnel protection ipsec profile vpn-dmvpn
!
interface Loopback0
 ip address 192.168.30.1 255.255.255.255
!
interface GigabitEthernet0/2/0
 description GigabitEthernet0/2/0
 ip address 192.168.32.252 255.255.255.0
 no ip proxy-arp
 load-interval 30
 negotiation auto
 plim qos input map ip dscp-based
 plim qos input map ip dscp  34  40  queue strict-priority
 no cdp enable
 hold-queue 4096 in
 hold-queue 4096 out
!
!
interface GigabitEthernet0/3/0
 description GigabitEthernet0/3/0
 ip address 10.204.0.1 255.252.0.0
 load-interval 30
 negotiation auto
 plim qos input map ip dscp-based
 plim qos input map ip dscp  34  40  queue strict-priority
 no cdp enable
 service-policy input INGRESS
 service-policy output campus
!
!
interface GigabitEthernet0
 vrf forwarding Mgmt-intf
 ip address 172.26.182.168 255.255.252.0
 speed 100
 duplex full
 no negotiation auto
!
router eigrp 1
 network 10.0.0.0
 no auto-summary
 passive-interface GigabitEthernet0/2/2
!
router eigrp 100
 network 192.168.32.0
!
ip classless
ip route vrf Mgmt-intf 0.0.0.0 0.0.0.0 172.26.180.1
!
no ip http server
no ip http secure-server
!
!
snmp-server community public RO
snmp-server community private RW
!
!
!
control-plane
!
!
line con 0
 stopbits 1
line vty 0 4
 exec-timeout 0 0
 password cisco
 login
!
ntp clock-period 17175902
end

Cisco 7600/Sup720/VPN SPA Headend Configuration

This configuration is for the Cisco 7600 with Sup720 and VPN SPA where the 7600 router is aggregating 1000 DMVPN hub-and-spoke tunnels.

Headend #1:

hostname vpn6-7600-1
!
no aaa new-model
clock timezone EST -5
clock summer-time EDT recurring
clock calendar-valid
ip subnet-zero
ip rcmd rsh-enable
!
no ip domain-lookup
ipv6 mfib hardware-switching replication-mode ingress
mls ip multicast flow-stat-timer 9
no mls flow ip
no mls flow ipv6
no mls acl tcam share-global
mls cef error action freeze
no scripting tcl init
no scripting tcl encdir
!
crypto isakmp policy 10
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key bigsecret address 0.0.0.0 0.0.0.0
crypto isakmp keepalive 10
!
crypto ipsec transform-set vpn-test esp-3des esp-sha-hmac 
no crypto ipsec nat-transparency udp-encaps
!
crypto dynamic-map dmap-vlan100 10
 set transform-set vpn-test 
!
crypto dynamic-map dmap-vlan101 10
 set transform-set vpn-test 
!
crypto map dynamic-map-vlan100 local-address Vlan100
crypto map dynamic-map-vlan100 10 ipsec-isakmp dynamic dmap-vlan100 
!
crypto map dynamic-map-vlan101 local-address Vlan101
crypto map dynamic-map-vlan101 10 ipsec-isakmp dynamic dmap-vlan101 
!
redundancy
 mode sso
 main-cpu
  auto-sync running-config
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
power redundancy-mode combined
no diagnostic cns publish
no diagnostic cns subscribe
!
vlan internal allocation policy ascending
vlan access-log ratelimit 2000
!
interface Loopback0
 description Loopback0
 ip address 10.57.255.251 255.255.255.255
!
interface Tunnel0
 description Tunnel0
 bandwidth 100000
 ip address 10.56.0.1 255.255.252.0
 no ip redirects
 ip hold-time eigrp 1 35
 no ip next-hop-self eigrp 1
 ip nhrp authentication test
 ip nhrp map multicast dynamic
 ip nhrp network-id 105600
 ip nhrp holdtime 1800
 ip nhrp registration timeout 120
 no ip split-horizon eigrp 1
 load-interval 30
 tunnel source 192.168.241.1
 tunnel mode gre multipoint
!
interface Tunnel1
 description Tunnel1
 bandwidth 100000
 ip address 10.56.8.1 255.255.252.0
 no ip redirects
 ip hold-time eigrp 1 35
 no ip next-hop-self eigrp 1
 ip nhrp authentication test
 ip nhrp map multicast dynamic
 ip nhrp network-id 105680
 ip nhrp holdtime 1800
 ip nhrp registration timeout 120
 no ip split-horizon eigrp 1
 load-interval 30
 tunnel source 192.168.242.1
 tunnel mode gre multipoint
!
interface GigabitEthernet3/1
 description GigabitEthernet3/1 Outside Interface
 no ip address
 load-interval 30
 crypto connect vlan 100
!
interface GigabitEthernet3/2
 description GigabitEthernet3/2 Outside Interface
 no ip address
 load-interval 30
 crypto connect vlan 101
!
interface GigabitEthernet3/3
 description GigabitEthernet3/3
 no ip address
 load-interval 30
 shutdown
!
interface GigabitEthernet4/0/1
 description GigabitEthernet4/0/1
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,100,101,1002-1005
 switchport mode trunk
 mtu 9216
 no ip address
 flowcontrol receive on
 flowcontrol send off
 spanning-tree portfast trunk
!
interface GigabitEthernet4/0/2
 description GigabitEthernet4/0/2
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,1002-1005
 switchport mode trunk
 mtu 9216
 no ip address
 flowcontrol receive on
 flowcontrol send off
 spanning-tree portfast trunk
!
interface GigabitEthernet5/1
 description GigabitEthernet5/1 Inside Interface
 ip address 10.57.1.1 255.255.255.0
 no ip redirects
 load-interval 30
!
interface GigabitEthernet6/2
 description FlashNet
 ip address 172.26.177.251 255.255.252.0
 load-interval 30
 media-type rj45
 speed 100
 duplex full
!
interface Vlan1
 description Vlan1
 no ip address
 load-interval 30
 shutdown
!
interface Vlan100
 description Vlan100
 ip address 192.168.241.1 255.255.255.0
 no ip redirects
 load-interval 30
 no mop enabled
 crypto map dynamic-map-vlan100
 crypto engine subslot 4/0
!
interface Vlan101
 description Vlan101
 ip address 192.168.242.1 255.255.255.0
 no ip redirects
 load-interval 30
 no mop enabled
 crypto map dynamic-map-vlan101
 crypto engine subslot 4/0
!
router eigrp 1
 network 10.0.0.0
 no auto-summary
!
ip classless
ip route 0.0.0.0 0.0.0.0 172.26.176.1
ip route 10.60.0.254 255.255.255.255 192.168.241.2
ip route 10.60.1.254 255.255.255.255 192.168.241.2
ip route 10.60.2.254 255.255.255.255 192.168.241.2
ip route 10.60.3.254 255.255.255.255 192.168.241.2
ip route 10.60.4.254 255.255.255.255 192.168.241.2
ip route 10.60.5.254 255.255.255.255 192.168.241.2
ip route 10.60.6.254 255.255.255.255 192.168.241.2
ip route 10.60.7.254 255.255.255.255 192.168.241.2
ip route 10.60.8.254 255.255.255.255 192.168.241.2
ip route 10.60.9.254 255.255.255.255 192.168.241.2
ip route 10.60.10.254 255.255.255.255 192.168.241.2
. . . lines omitted . . .
ip route 10.67.0.254 255.255.255.255 192.168.242.2
ip route 10.67.1.254 255.255.255.255 192.168.242.2
ip route 10.67.2.254 255.255.255.255 192.168.242.2
ip route 10.67.3.254 255.255.255.255 192.168.242.2
ip route 10.67.4.254 255.255.255.255 192.168.242.2
ip route 10.67.5.254 255.255.255.255 192.168.242.2
ip route 10.67.6.254 255.255.255.255 192.168.242.2
ip route 10.67.7.254 255.255.255.255 192.168.242.2
ip route 10.67.8.254 255.255.255.255 192.168.242.2
ip route 10.67.9.254 255.255.255.255 192.168.242.2
ip route 10.67.10.254 255.255.255.255 192.168.242.2
ip route 10.67.11.254 255.255.255.255 192.168.242.2
ip route 10.67.12.254 255.255.255.255 192.168.242.2
ip route 10.67.13.254 255.255.255.255 192.168.242.2
ip route 10.67.14.254 255.255.255.255 192.168.242.2
ip route 10.67.15.254 255.255.255.255 192.168.242.2
ip route 10.67.16.254 255.255.255.255 192.168.242.2
ip route 10.67.17.254 255.255.255.255 192.168.242.2
ip route 10.67.18.254 255.255.255.255 192.168.242.2
ip route 10.67.19.254 255.255.255.255 192.168.242.2
ip route 172.26.0.0 255.255.0.0 172.26.176.1
ip route 192.168.0.0 255.255.0.0 192.168.241.2
ip route 192.168.0.0 255.255.0.0 192.168.242.2
!
no ip http server
!
snmp-server community public RO
snmp-server community private RW
snmp-server system-shutdown
!
control-plane
!
dial-peer cor custom
!
line con 0
 exec-timeout 0 0
 password cisco
 login
line vty 0 4
 exec-timeout 0 0
 password cisco
 login
!
ntp clock-period 17180019
ntp server 172.26.176.1
no cns aaa enable
end

Cisco 7200VXR/Cisco 7600 Dual Tier Architecture Headend Configuration

This configuration is for the Cisco 7200VXR terminating mGRE and the Cisco 7600 with Sup720 and VPN SPA providing high-capacity IPsec encryption.

Tier #1 (mGRE)

hostname vpn2-7200-1
!
clock timezone EST -5
clock summer-time EDT recurring
clock calendar-valid
no aaa new-model
ip subnet-zero
ip rcmd rsh-enable
!
ip cef
no ip domain lookup
!
ip multicast-routing 
ip ips po max-events 100
no ftp-server write-enable
!
interface Tunnel0
 description Tunnel0
 bandwidth 100000
 ip address 10.56.0.1 255.255.252.0
 no ip redirects
 ip hold-time eigrp 1 35
 no ip next-hop-self eigrp 1
 ip pim nbma-mode
 ip pim sparse-mode
 ip nhrp authentication test
 ip nhrp map multicast dynamic
 ip nhrp network-id 105600
 ip nhrp holdtime 1800
 ip nhrp registration timeout 120
 no ip split-horizon eigrp 1
 load-interval 30
 tunnel source 192.168.161.1
 tunnel mode gre multipoint
 tunnel key 105600
!
interface Tunnel1
 description Tunnel1
 bandwidth 100000
 ip address 10.56.16.1 255.255.252.0
 no ip redirects
 ip hold-time eigrp 1 35
 no ip next-hop-self eigrp 1
 ip pim nbma-mode
 ip pim sparse-mode
 ip nhrp authentication test
 ip nhrp map multicast dynamic
 ip nhrp network-id 1056160
 ip nhrp holdtime 1800
 ip nhrp registration timeout 120
 no ip split-horizon eigrp 1
 load-interval 30
 tunnel source 192.168.181.1
 tunnel mode gre multipoint
 tunnel key 1056160
!
interface Loopback0
 description Loopback0
 ip address 10.57.255.251 255.255.255.255
!
interface FastEthernet0/0
 description FlashNet
 ip address 172.26.176.14 255.255.252.0
 load-interval 30
 duplex full
 speed 100
!
interface FastEthernet0/1
 description FastEthernet0/1
 no ip address
 load-interval 30
 shutdown
 duplex full
 speed 100
!
interface GigabitEthernet0/1
 description GigabitEthernet0/1
 ip address 192.168.181.1 255.255.255.0 secondary
 ip address 192.168.161.1 255.255.255.0
 load-interval 30
 duplex auto
 speed auto
 media-type gbic
 negotiation auto
!
interface GigabitEthernet0/2
 description GigabitEthernet0/2
 ip address 10.57.1.1 255.255.255.0
 ip pim sparse-mode
 load-interval 30
 duplex auto
 speed auto
 media-type gbic
 negotiation auto
!
interface GigabitEthernet0/3
 description GigabitEthernet0/3
 no ip address
 load-interval 30
 shutdown
 duplex auto
 speed auto
 media-type gbic
 negotiation auto
!
router eigrp 1
 network 10.0.0.0
 no auto-summary
!
ip classless
ip route 0.0.0.0 0.0.0.0 172.26.176.1
ip route 172.26.0.0 255.255.0.0 172.26.176.1
ip route 192.168.0.0 255.255.0.0 192.168.161.2
ip route 192.168.0.0 255.255.0.0 192.168.181.2
!
ip http server
no ip http secure-server
!
ip pim autorp listener
!
snmp-server community public RO
snmp-server community private RW
snmp-server system-shutdown
snmp-server enable traps tty
!
control-plane
!
dial-peer cor custom
!
gatekeeper
 shutdown
!
line con 0
 exec-timeout 0 0
 password cisco
 login
 transport preferred all
 transport output all
 stopbits 1
line aux 0
 transport preferred all
 transport output all
 stopbits 1
line vty 0 4
 exec-timeout 0 0
 password cisco
 login
 transport preferred all
 transport input all
 transport output all
line vty 5 15
 exec-timeout 0 0
 password cisco
 login
 transport preferred all
 transport input all
 transport output all
!
ntp clock-period 17180034
ntp server 172.26.176.1
!
end

Tier #2 (IPsec)

hostname vpn6-7600-1
!
no aaa new-model
clock timezone EST -5
clock summer-time EDT recurring
clock calendar-valid
ip subnet-zero
ip rcmd rsh-enable
!
no ip domain-lookup
ipv6 mfib hardware-switching replication-mode ingress
mls ip multicast flow-stat-timer 9
no mls flow ip
no mls flow ipv6
no mls acl tcam share-global
mls cef error action freeze
no scripting tcl init
no scripting tcl encdir
!
crypto isakmp policy 10
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key bigsecret address 0.0.0.0 0.0.0.0
crypto isakmp keepalive 10
!
crypto ipsec transform-set vpn-test esp-3des esp-sha-hmac 
no crypto ipsec nat-transparency udp-encaps
!
crypto dynamic-map dmap 10
 set transform-set vpn-test 
!
crypto map dynamic-map local-address Vlan100
crypto map dynamic-map 10 ipsec-isakmp dynamic dmap 
!
redundancy
 mode sso
 main-cpu
  auto-sync running-config
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
power redundancy-mode combined
no diagnostic cns publish
no diagnostic cns subscribe
!
vlan internal allocation policy ascending
vlan access-log ratelimit 2000
!
interface GigabitEthernet3/1
 description GigabitEthernet3/1 Outside Interface
 no ip address
 load-interval 30
 crypto connect vlan 100
!
interface GigabitEthernet3/2
 description GigabitEthernet3/2
 no ip address
 load-interval 30
 shutdown
!
interface GigabitEthernet4/0/1
 description GigabitEthernet4/0/1
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,100,1002-1005
 switchport mode trunk
 mtu 9216
 no ip address
 load-interval 30
 flowcontrol receive on
 flowcontrol send off
 spanning-tree portfast trunk
!
interface GigabitEthernet4/0/2
 description GigabitEthernet4/0/2
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,1002-1005
 switchport mode trunk
 mtu 9216
 no ip address
 load-interval 30
 flowcontrol receive on
 flowcontrol send off
 spanning-tree portfast trunk
!
interface GigabitEthernet5/1
 description GigabitEthernet5/1 to vpn2-7200-1 GE0/1
 ip address 192.168.181.2 255.255.255.0 secondary
 ip address 192.168.161.2 255.255.255.0
 no ip redirects
 load-interval 30
!
interface GigabitEthernet5/2
 description GigabitEthernet5/2 to vpn2-7200-2 GE0/1
 ip address 192.168.191.2 255.255.255.0 secondary
 ip address 192.168.171.2 255.255.255.0
 no ip redirects
 load-interval 30
!
interface GigabitEthernet5/3
 description GigabitEthernet5/3
 no ip address
 load-interval 30
 shutdown
!
interface GigabitEthernet6/2
 description FlashNet
 ip address 172.26.177.251 255.255.252.0
 load-interval 30
 media-type rj45
 speed 100
 duplex full
!
interface Vlan1
 description Vlan1
 no ip address
 load-interval 30
 shutdown
!
interface Vlan100
 description Vlan100
 ip address 192.168.241.1 255.255.255.0
 load-interval 30
 no mop enabled
 crypto map dynamic-map
 crypto engine subslot 4/0
!
ip classless
ip route 0.0.0.0 0.0.0.0 172.26.176.1
ip route 172.26.0.0 255.255.0.0 172.26.176.1
ip route 192.168.0.0 255.255.0.0 192.168.241.2
!
no ip http server
!
snmp-server community public RO
snmp-server community private RW
snmp-server system-shutdown
!
control-plane
!
dial-peer cor custom
!
line con 0
 exec-timeout 0 0
 password cisco
 login
line vty 0 4
 exec-timeout 0 0
 password cisco
 login
!
ntp clock-period 17180035
ntp server 172.26.176.1
no cns aaa enable
end

Cisco ISR Branch Office Configuration

The following shows relevant configurations for one branch site router. A dual hub-dual DMVPN cloud design is employed by using two tunnels, one to each headend. The EIGRP delay metric is used to make Tunnel0 the preferred path. This configuration shows QoS for VoIP flows (shaping and queuing) applied to the physical (outside) interface, the recommended use of summary routes, and an EIGRP stub configuration.

Branch #1:

ip cef
!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key bigsecret address 192.168.251.1
crypto isakmp key bigsecret address 192.168.252.1
!
crypto ipsec transform-set vpn-test esp-3des esp-sha-hmac 
no crypto ipsec nat-transparency udp-encaps
!
crypto ipsec profile vpn-dmvpn
 set transform-set vpn-test 
!
class-map match-all VOICE
  match ip dscp ef 
 class-map match-any CALL-SETUP
  match ip dscp af31 
  match ip dscp cs3 
 class-map match-any INTERNETWORK-CONTROL
  match ip dscp cs6 
  match access-group name IKE
 class-map match-all TRANSACTIONAL-DATA
  match ip dscp af21 
!
 policy-map 192kb
  class CALL-SETUP
   bandwidth percent 2
  class INTERNETWORK-CONTROL
   bandwidth percent 5
  class TRANSACTIONAL-DATA
   bandwidth percent 22
   queue-limit 16
  class VOICE
   priority 64
  class class-default
   fair-queue
   queue-limit 6
 policy-map 192kb-shaper
  class class-default
   shape average 182400 1824 0
   service-policy 192kb
!
interface Loopback0
 description Loopback0
 ip address 10.61.138.254 255.255.255.255
!
interface Tunnel0
 description Tunnel0
 bandwidth 192
 ip address 10.56.3.10 255.255.252.0
 ip hold-time eigrp 1 35
 ip nhrp authentication test
 ip nhrp map 10.56.0.1 192.168.251.1
 ip nhrp map multicast 192.168.251.1
 ip nhrp network-id 105600
 ip nhrp holdtime 300
 ip nhrp nhs 10.56.0.1
 ip summary-address eigrp 1 10.61.148.0 255.255.255.0 5
 qos pre-classify
 tunnel source 192.168.100.6
 tunnel destination 192.168.251.1
 tunnel key 105600
 tunnel protection ipsec profile vpn-dmvpn
!
interface Tunnel1
 description Tunnel1
 bandwidth 192
 ip address 10.56.7.10 255.255.252.0
 ip hold-time eigrp 1 35
 ip nhrp authentication test
 ip nhrp map 10.56.4.1 192.168.252.1
 ip nhrp map multicast 192.168.252.1
 ip nhrp network-id 105640
 ip nhrp holdtime 300
 ip nhrp nhs 10.56.4.1
 ip summary-address eigrp 1 10.61.148.0 255.255.255.0 5
 delay 60000
 qos pre-classify
 tunnel source 192.168.100.6
 tunnel destination 192.168.252.1
 tunnel key 105640
 tunnel protection ipsec profile vpn-dmvpn
!
interface Serial0/0
 description Serial0/0 
 bandwidth 192
 ip address 192.168.100.6 255.255.255.252
 service-policy output 192kb-shaper
!
interface FastEthernet0/1
 description FastEthernet0/1
 ip address 10.61.148.129 255.255.255.192 secondary
 ip address 10.61.148.1 255.255.255.128
 speed 100
 full-duplex
!
router eigrp 1
 network 10.0.0.0
 no auto-summary
 eigrp stub connected summary
!
ip route 0.0.0.0 0.0.0.0 192.168.100.5!
ip access-list extended IKE
 permit udp any any eq isakmp
!