本实验不需要考虚路由的问题,动态路由解决路由的问题.

R1

!

crypto isakmp policy 10

 authentication pre-share

crypto isakmp key cisco address 202.102.1.2

!

!

crypto ipsec transform-set cisco esp-des esp-md5-hmac

!

crypto ipsec profile aaa

 set transform-set cisco

!

!

!

!

!

!

interface Loopback0

 ip address 1.1.1.1 255.255.255.0

!

interface Loopback1

 ip address 2.2.2.2 255.255.255.0

!

interface Loopback2

ip address 3.3.3.3 255.255.255.0

!

interface Tunnel0

 ip address 123.1.1.1 255.255.255.0

 tunnel source Serial1/1

 tunnel destination 202.102.1.2

 tunnel mode ipsec ipv4

 tunnel protection ipsec profile aaa

!

!感兴趣的数据流是所有进出此接口的流量,跑一个路由协议解决了路由的问题,这样感兴趣的数据流也不用写了

interface Serial1/1

 ip address 202.102.1.1 255.255.255.0

 serial restart-delay 0

!

!

router ospf 1

 log-adjacency-changes

 network 1.1.1.1 0.0.0.0 area 0

 network 2.2.2.2 0.0.0.0 area 0

 network 3.3.3.3 0.0.0.0 area 0

 network 123.1.1.1 0.0.0.0 area 0

!

 

R2

 

crypto isakmp policy 10

 authentication pre-share

crypto isakmp key cisco address 202.102.1.1

!

!

crypto ipsec transform-set cisco esp-des esp-md5-hmac

!

crypto ipsec profile aaa

 set transform-set cisco

!

!

!

!

!

!

interface Loopback0

 ip address 4.4.4.4 255.255.255.0

 ip ospf network point-to-point

!

interface Loopback1

 ip address 5.5.5.5 255.255.255.0

 ip ospf network point-to-point

!

interface Loopback2

 ip address 6.6.6.6 255.255.255.0

 ip ospf network point-to-point

!

interface Tunnel0

 ip address 123.1.1.2 255.255.255.0

 tunnel source Serial1/0

 tunnel destination 202.102.1.1

 tunnel mode ipsec ipv4

 tunnel protection ipsec profile aaa

!

!

interface Serial1/0

 ip address 202.102.1.2 255.255.255.0

 serial restart-delay 0

!

!

router ospf 1

 log-adjacency-changes

 network 4.4.4.4 0.0.0.0 area 0

 network 5.5.5.5 0.0.0.0 area 0

 network 6.6.6.6 0.0.0.0 area 0

 network 123.1.1.2 0.0.0.0 area 0

!