(1.1.1.1)R1(S1/1:12.12.12.1)-----------------(S1/0:12.12.12.2)R2E0/0:23.23.23.2)------------------(E0/0:DHCP)R3(3.3.3.3)
R1:配置
crypto isakmp policy 10
hash md5
authentication pre-share
crypto isakmp key cisco address 0.0.0.0 0.0.0.0
!
!
crypto ipsec transform-set wk esp-des esp-md5-hmac
!
crypto dynamic-map *** 10
set transform-set wk
!
!
crypto map cisco 1000 ipsec-isakmp dynamic ***
!
!
interface Loopback0
ip address 1.1.1.1 255.255.255.0
!
!
interface Serial1/1
ip address 12.12.12.1 255.255.255.0
serial restart-delay 0
crypto map cisco
!
ip route 0.0.0.0 0.0.0.0 12.12.12.2
!
!
R3:配置
!
!
crypto isakmp policy 10
hash md5
authentication pre-share
crypto isakmp key cisco address 12.12.12.1
!
!
crypto ipsec transform-set wk esp-des esp-md5-hmac
!
crypto map *** 10 ipsec-isakmp
set peer 12.12.12.1
set transform-set wk
match address 101
!
!
interface Loopback0
ip address 3.3.3.3 255.255.255.0
!
interface Ethernet0/0
ip address dhcp
half-duplex
crypto map ***
!
ip route 0.0.0.0 0.0.0.0 23.23.23.2
!
!
!
access-list 101 permit ip 3.3.3.0 0.0.0.255 1.1.1.0 0.0.0.255
!
!
PS:中心不能主动发起连接,必须有分支机构首先发起连接。
转载于:https://blog.51cto.com/2974159/797338