还是以上一篇的拓扑图来讲解
R1上配置
crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp key cisco address 23.23.23.3
!
!
crypto ipsec transform-set cisco esp-des esp-md5-hmac
mode tunnel
<与GRE over IPSec配置区另之一:SVTI技术使用隧道模式>
crypto ipsec profile ipsecprof
<创建 IPsec profile 名字为“ipsecprof”>
set transform-set cisco
!
interface Loopback0
ip address 1.1.1.1 255.255.255.0
!
interface Tunnel0
ip address 123.123.123.1 255.255.255.0
tunnel source 12.12.12.1
tunnel destination 23.23.23.3
tunnel mode ipsec ipv4
<与GRE over IPSec配置区另之二:SVTI技术使用IPSec ipv4隧道模式>
tunnel protection ipsec profile ipsecprof
!
crypto isakmp policy 10R3上配置
crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp key cisco address 12.12.12.1
!
!
crypto ipsec transform-set trans13 esp-des esp-md5-hmac
mode tunnel
<与GRE over IPSec配置区另之一:SVTI技术使用隧道模式>
!
crypto ipsec profiel ipsecprof
set transform-set trans13
!
interface Loopback0
ip address 2.2.2.2 255.255.255.0
!
interface Tunnel0
ip address 123.123.123.3 255.255.255.0
tunnel source 23.23.23.3
tunnel destination 12.12.12.1
tunnel mode ipsec ipv4
<与GRE over IPSec配置区另之二:SVTI技术使用IPSec ipv4隧道模式>
tunnel protection ipsec profile ipsecprof
