拓撲:
LO1——R1——R2——LO1
R1 s0/1: 10.10.1.1/30
LO1:1.1.1.0/24
R2 s0/2: 10.10.1.2/30
LO1:2.2.2.0/24
RA
int lo 1
ip add 1.1.1.1 255.255.255.0 ‘模擬內網
no sh
exit
int s0/1
ip add 10.10.1.1 255.255.255.0
no sh
exit
cry is key 123456 0.0.0.0 0.0.0.0
cry is po 1
hash md5
exit
cry ip tr lin
tr ah-md5-hmac esp-3des
exit
cry dynamic-map lin2 ’動態模版
set tr lin
exit
cry ma pp 1 ipsec-isakmp dynamic lin2
exit
int s0/1
cry ma pp
no sh
exit
ip route def 10.10.1.2
R2
in lo 1
ip add 2.2.2.1 255.255.255.0
no sh
exit
in s0/2
ip add 10.10.1.2 255.255.255.252
ph sp 64000
no sh
exit
cry is key 123456 10.10.1.1 255.255.255.255
cry is po 1
hash md5
exit
cry ip tr lin
tr ah-md5-hmac esp-3des
exit
cry ma pp 1 ipsec-isakmp
set peer 10.10.1.1
set tr lin
match address ***
exit
ip route def 10.10.1.1
ip acc ex ***
per ip 2.2.2.0 0.0.0.255 1.1.1.0 0.0.0.255
exit