思科L2L VPN详解

R1
r1#show run
crypto isakmp policy 10
hash md5
authentication pre-share
group 2
crypto isakmp key cisco address 23.1.1.1
!
!
crypto ipsec transform-set cisco esp-des esp-md5-hmac
!
crypto map cisco 10 ipsec-isakmp
set peer 23.1.1.1
set transform-set cisco
match address vpn
!
interface Loopback0
ip address 1.1.1.1 255.255.255.255
!
interface Serial1/0
ip address 12.1.1.1 255.255.255.0
serial restart-delay 0
crypto map cisco
!
ip classless
ip route 3.3.3.3 255.255.255.255 12.1.1.2
ip route 23.1.1.1 255.255.255.255 12.1.1.2
!
ip access-list extended vpn
permit ip host 1.1.1.1 host 3.3.3.3
!
end
R3:
r3#show run
r3#show running-config
!
crypto isakmp policy 10
hash md5
authentication pre-share
group 2
crypto isakmp key cisco address 12.1.1.1
!
!
crypto ipsec transform-set cisco esp-des esp-md5-hmac
!
crypto map cisco 10 ipsec-isakmp
set peer 12.1.1.1
set transform-set cisco
match address vpn
!
!
!
!
interface Loopback0
ip address 3.3.3.3 255.255.255.0
!
interface Serial1/1
ip address 23.1.1.1 255.255.255.0
serial restart-delay 0
crypto map cisco
ip classless
ip route 1.1.1.1 255.255.255.255 23.1.1.2
ip route 12.1.1.1 255.255.255.255 23.1.1.2
!
ip access-list extended vpn
permit ip host 3.3.3.3 host 1.1.1.1
!
end
r3#
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
11.
12.
13.
14.
15.
16.
17.
18.
19.
20.
21.
22.
23.
24.
25.
26.
27.
28.
29.
30.
31.
32.
33.
34.
35.
36.
37.
38.
39.
40.
41.
42.
43.
44.
45.
46.
47.
48.
49.
50.
51.
52.
53.
54.
55.
56.
57.
58.
59.
60.
61.
62.
63.
64.
65.
66.
67.
68.
69.