R1--s1/0-------------------R2--s1/0
12.1.1.1 12.1.1.2
各自loopback0 1.1.1.1 2.2.2.2 /24
R1:
crypto isakmp policy 1
authentication pre-share
crypto isakmp key cisco address 12.1.1.2
!
!
crypto ipsec transform-set test esp-3des esp-sha-hmac
!
crypto map 1 1 ipsec-isakmp
set peer 12.1.1.2
set transform-set test
match address 100
access-list 100 permit ip 1.1.1.0 0.0.0.255 2.2.2.0 0.0.0.255
R2:
crypto isakmp policy 1
encr 3des
hash md5
authentication pre-share
crypto isakmp key cisco address 12.1.1.1
crypto ipsec transform-set test esp-3des esp-sha-hmac
!
crypto map 1 1 ipsec-isakmp
set peer 12.1.1.1
set transform-set test
match address 100
!
access-list 100 permit ip 2.2.2.0 0.0.0.255 1.1.1.0 0.0.0.255
各自的s1/0接口调用 crypto map 1
本帖最后由 cisco-ie 于 2011-5-26 14:18 编辑
分享至: