ip address 192.168.1.1 255.255.255.0
no shut
ip address 192.168.2.1 255.255.255.0
ip address 192.168.1.2 255.255.255.0
ip nat inside
ip address 202.100.1.2 255.255.255.0
ip nat outside
permit ip any any
ip address 202.100.1.3 255.255.255.0
ip address 202.100.2.3 255.255.255.0
nameif Inside
security-level 100
ip address 172.16.1.10 255.255.255.0
nameif Outside
security-level 0
ip address 202.100.2.10 255.255.255.0
access-group OUTSIDE in interface Outside
ip address 172.16.1.4 255.255.255.0
encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp identity hostname
crypto isakmp keepalive 10 periodic
crypto isakmp peer address 202.100.2.10
set aggressive-mode password cisco123
set aggressive-mode client-endpoint fqdn R1
permit ip 192.168.2.0 0.0.0.255 172.16.1.0 0.0.0.255
set peer 202.100.2.3
set transform-set transet
set pfs group2
match address ×××
reverse-route
authentication pre-share
encryption 3des
hash md5
group 2
tunnel-group 202.100.1.2 ipsec-attributes
ikev1 pre-shared-key cisco123
crypto map crymap 10 set pfs
crypto map crymap 10 set peer 202.100.1.2
crypto map crymap 10 set transform-set transet
crypto map crymap 10 set phase1-mode aggressive
crypto map crymap 10 set reverse-route
crypto map crymap interface Outside
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
R4#
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.1.4, timeout is 2 seconds:
Packet sent with a source address of 192.168.2.1
..!!!
Success rate is 60 percent (3/5), round-trip min/avg/max = 28/85/136 ms
Pro Inside global Inside local Outside local Outside global
esp 202.100.1.2:0 192.168.1.1:0 202.100.2.10:0 202.100.2.10:CEC6AC77
udp 202.100.1.2:1 192.168.1.1:500 202.100.2.10:500 202.100.2.10:500
esp 202.100.1.2:0 192.168.1.1:CCA11424 202.100.2.10:0 202.100.2.10:0
udp 202.100.1.2:500 202.100.1.2:500 202.100.2.10:500 202.100.2.10:500
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.1.4, timeout is 2 seconds:
Packet sent with a source address of 192.168.2.1
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 16/51/92 ms