R1#sh run 

Building configuration...

Current configuration : 2388 bytes

!

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname R1

!

boot-start-marker

boot-end-marker

!

!

no aaa new-model

memory-size iomem 5

no ip icmp rate-limit unreachable

ip cef

!

!

!

!

no ip domain lookup

ip auth-proxy max-nodata-conns 3

ip admission max-nodata-conns 3

!

ip tcp synwait-time 5

! 

!

crypto isakmp policy 1

 hash md5 

 authentication pre-share

 group 2

crypto isakmp key 6 LUCAS address 192.168.1.2

!

!

crypto ipsec transform-set TRANSFORM-SET esp-3des 

!

crypto map MEU-IPSEC 10 ipsec-isakmp 

 set peer 192.168.1.2

 set transform-set TRANSFORM-SET 

 match address 100

interface Loopback0

 ip address 1.1.1.1 255.255.255.255

!

interface Tunnel0

 ip address 192.168.1.1 255.255.255.0

 tunnel source 1.1.1.1

 tunnel destination 2.2.2.2

 tunnel key 0

 crypto map MEU-IPSEC

!

interface FastEthernet0/0

 ip address 10.0.0.1 255.255.255.252

 shutdown

 duplex auto

 speed auto

!

interface Serial0/0

 ip address 10.0.0.5 255.255.255.252

 clock rate 2000000

!

interface FastEthernet0/1

 no ip address

 shutdown

 duplex auto

 speed auto

!

router ospf 1

 router-id 1.1.1.1

 log-adjacency-changes

 network 1.1.1.1 0.0.0.0 area 0

 network 10.0.0.1 0.0.0.0 area 0

!

ip forward-protocol nd

ip route 2.2.2.2 255.255.255.255 10.0.0.6

!

!

no ip http server

no ip http secure-server

!

access-list 100 permit ip host 0.0.0.0 any

no cdp log mismatch duplex

!

!

!

control-plane

line con 0

 exec-timeout 0 0

 privilege level 15

 logging synchronous

line aux 0

 exec-timeout 0 0

 privilege level 15

 logging synchronous

line vty 0 4

 login

!

!

EVENTO CRIA UMA ROTA PARA ATINGIR O R2 VIA R3 SE A INTERFACE PRINCIPAL CAIR E O OSPF IR A DOWN

event manager applet OSPF-DOWN-VIAFA0/0 

 event syslog pattern "%OSPF-5-ADJCHG: Process 1, Nbr 2.2.2.2 on FastEthernet0/0 from FULL to DOWN"

 action 1.0 syslog msg "criando rota backup..."

 action 1.1 cli command "enable"

 action 1.2 cli command "conf t"

 action 1.3 cli command "ip route 2.2.2.2 255.255.255.255 10.0.0.6"

 action 1.4 cli command "wr"

EVENTO EXCLUI A ROTA ESTATICA QUANDO A INTERFACE PRINCIPAL FICAR UP UP

event manager applet OSPF-UP-VIAFA0/0 

 event syslog pattern "%OSPF-5-ADJCHG: Process 1, Nbr 2.2.2.2 on FastEthernet0/0 from LOADING to FULL"

 action 1.0 syslog msg "excluindo rota backup..."

 action 1.1 cli command "enable"

 action 1.2 cli command "conf t"

 action 1.3 cli command "no ip route 2.2.2.2 255.255.255.255 10.0.0.6"

 action 1.4 cli command "wr"

!

end

EVENTO 

SIMULANDO A INTERFACE DOWN

R1(config-if)#shut                      

R1(config-if)#

*Mar  1 00:14:24.335: %OSPF-5-ADJCHG: Process 1, Nbr 2.2.2.2 on FastEthernet0/0 from FULL to DOWN, Neighbor Down: Interface down or detached

*Mar  1 00:14:24.383: %HA_EM-6-LOG: OSPF-DOWN-VIAFA0/0: criando rota backup...

R1(config-if)#

*Mar  1 00:14:24.491: %SYS-5-CONFIG_I: Configured from console by vty0

R1(config-if)#

*Mar  1 00:14:26.327: %LINK-5-CHANGED: Interface FastEthernet0/0, changed state to administratively down

*Mar  1 00:14:27.327: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to down

R1(config-if)#no shut                   

R1(config-if)#

*Mar  1 00:14:33.251: %OSPF-5-ADJCHG: Process 1, Nbr 2.2.2.2 on FastEthernet0/0 from LOADING to FULL, Loading Done

*Mar  1 00:14:33.275: %HA_EM-6-LOG: OSPF-UP-VIAFA0/0: excluindo rota backup...

R1(config-if)#

*Mar  1 00:14:33.495: %SYS-5-CONFIG_I: Configured from console by vty0

R1(config-if)#

*Mar  1 00:14:35.047: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to up

*Mar  1 00:14:36.047: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up

R1(config-if)#^Z

R1#

*Mar  1 00:14:37.195: %SYS-5-CONFIG_I: Configured from console by console

R1#

configuração R2

R2#SH RUN 

Building configuration...

Current configuration : 1576 bytes

!

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname R2

!

boot-start-marker

boot-end-marker

!

!

no aaa new-model

memory-size iomem 5

no ip icmp rate-limit unreachable

ip cef

!

!

!

!

no ip domain lookup

ip auth-proxy max-nodata-conns 3

ip admission max-nodata-conns 3

ip tcp synwait-time 5

! 

!

crypto isakmp policy 1

 hash md5 

 authentication pre-share

 group 2

crypto isakmp key 6 LUCAS address 192.168.1.1

!

!

crypto ipsec transform-set TRANSFORM-SET esp-3des 

!

crypto map MEU-IPSEC 10 ipsec-isakmp 

 set peer 192.168.1.1

 set transform-set TRANSFORM-SET 

 match address 100

interface Loopback0

 ip address 2.2.2.2 255.255.255.255

!

interface Tunnel0

 ip address 192.168.1.2 255.255.255.0

 tunnel source 2.2.2.2

 tunnel destination 1.1.1.1

 tunnel key 0

 crypto map MEU-IPSEC

!

interface FastEthernet0/0

 ip address 10.0.0.2 255.255.255.252

 duplex auto

 speed auto

!

interface FastEthernet0/1

 ip address 10.0.0.10 255.255.255.252

 ip ospf 1 area 0

 duplex auto

 speed auto

!

router ospf 1

 router-id 2.2.2.2

 log-adjacency-changes

 network 2.2.2.2 0.0.0.0 area 0

 network 10.0.0.2 0.0.0.0 area 0

!

ip forward-protocol nd

!

!

no ip http server

no ip http secure-server

!

access-list 100 permit ip host 0.0.0.0 any

no cdp log mismatch duplex

line con 0

 exec-timeout 0 0

 privilege level 15

 logging synchronous

line aux 0

 exec-timeout 0 0

 privilege level 15

 logging synchronous

line vty 0 4

 login

R2#sh crypto ipsec sa

interface: Tunnel0

    Crypto map tag: MEU-IPSEC, local addr 2.2.2.2

   protected vrf: (none)

   local  ident (addr/mask/prot/port): (0.0.0.0/255.255.255.255/0/0)

   remote ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)

   current_peer 192.168.1.1 port 500

     PERMIT, flags={origin_is_acl,}

    #pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0

    #pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0

    #pkts compressed: 0, #pkts decompressed: 0

    #pkts not compressed: 0, #pkts compr. failed: 0

    #pkts not decompressed: 0, #pkts decompress failed: 0

    #send errors 0, #recv errors 0

     local crypto endpt.: 2.2.2.2, remote crypto endpt.: 192.168.1.1

     path mtu 1472, ip mtu 1472, ip mtu idb Tunnel0

     current outbound spi: 0x0(0)

R3#SH RUN 

Building configuration...

Current configuration : 1221 bytes

!

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname R3

!

boot-start-marker

boot-end-marker

!

!

no aaa new-model

memory-size iomem 5

no ip icmp rate-limit unreachable

ip cef

no ip domain lookup

ip auth-proxy max-nodata-conns 3

ip admission max-nodata-conns 3

terface Loopback0

 ip address 3.3.3.3 255.255.255.255

!

interface FastEthernet0/0

 no ip address

 shutdown

 duplex auto

 speed auto

!

interface Serial0/0

 ip address 10.0.0.6 255.255.255.252

 clock rate 2000000

!

interface FastEthernet0/1

 ip address 10.0.0.9 255.255.255.252

 duplex auto

 speed auto

!

router ospf 1

 router-id 3.3.3.3

 log-adjacency-changes

 redistribute static subnets

 network 3.3.3.3 0.0.0.0 area 0

 network 10.0.0.9 0.0.0.0 area 0

!

ip forward-protocol nd

ip route 1.1.1.1 255.255.255.255 10.0.0.5

!

!

no ip http server

no ip http secure-server

!

no cdp log mismatch duplex

line con 0

 exec-timeout 0 0

 privilege level 15

 logging synchronous

line aux 0

 exec-timeout 0 0

 privilege level 15

 logging synchronous

line vty 0 4

 login

!

!

end