R1:
en
conf t
int f0/0
ip add 200.1.1.1 255.255.255.252
no shut
int f0/1
ip add 100.1.1.1 255.255.255.252
no shut
int l0
ip add 10.1.1.1 255.255.255.0
no shut
exit
ip route 192.168.1.0 255.255.255.0 200.1.1.2
acc 100 per ip 10.1.1.0 0.0.0.255 192.168.1.0 0.0.0.255
cry is policy 1
en 3des
ha md5
gro 2
au pr
exit
cry is key 123456 add 200.1.1.2
cry ips tr r1-r2 ah-md5 esp-3des
cry map r1-2-r2 10 ipsec-is
set peer 200.1.1.2
mat add 100
set tr r1-r2
exit
int f0/0
cry map r0-2-r1
R2:
en
conf t
int f0/0
ip add 200.1.1.2 255.255.255.252
en
conf t
int f0/0
ip add 100.1.1.2 255.255.255.252
cry is policy 1
en 3des
ha md5
gro 2
au pr
exit
cry is key 123456 add 200.1.1.1
cry ips tr r2-r1 ah-md5 esp-3des
cry map r2-2-r1 10 ipsec-is
set peer 200.1.1.1
mat add 100
set tr r2-r1
exit
int f0/0
cry map r2-2-r1
exit
acc 100 per ip 192.168.1.0 0.0.0.255 10.1.1.0 0.0.0.255
转载于:https://blog.51cto.com/guowang1102/1190761