IPSce ××× site to site设置方法

1、设置×××的感兴趣流量
access-list 100 remark SDM_ACL_Category=4
access-list 100 remark IPSec Rule
access-list 100 permit ip 1.1.1.0 0.0.0.255 2.2.2.0 0.0.0.255

2、设置×××连接密匙与对端地址
crypto isakmp key cisco address 192.168.24.14

3、设置×××策略
crypto isakmp policy 1
 encr 3des   #加密算法
 authentication pre-share #认证（预共享认证）
 group 2    #组别

4、设置转换集
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac

5、设置映射
crypto map SDM_CMAP_1 1 ipsec-isakmp
 description tunnel to 192.168.24.14
 match address 100
 set peer 192.168.24.14
 set transform-set ESP-3DES-SHA

6、物理接口调用
interface fastethernet 0/0
 crypto map SDM_CMAP_1