站点到站点的×××（总公司到分公司×××)

总公司路由器
en
conf t
ip router 0.0.0.0 0.0.0.0 200.0.0.2
crypto isakmp policy 1
encryption 3des
hash sha
authentication pre-share
group 2
lifetime 10000
exit
crypto isakmp key benet address 201.0.0.2
access-list 100 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
crypto ipsec transform-set benet-set esp-des esp-sha-hmac
crypto ipsec security-association lifetime seconds 1800
crypto map benet-set 1 ipsec-isakmp
set peer 201.0.0.2
set transform-set benet-set
match address 100
exit
int f0/1
crypto map benet-set
end
wr

 

----------------------------------------------------------------------------------------------------------------------------
分公司路由器
en
conf t
ip roouter 0.0.0.0 0.0.0.0 201.0.0.1
crypto isakmp policy 1
encryption 3des
hash sha
authentication pre-share
group 2
lifetime 10000
exit
crypto isakmp key benet address 200.0.0.1
access-list 100 permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
crypto ipsec transform-set benet-set esp-des esp-sha-hmac
crypto ipsec security-association lifetime seconds 1800
crypto map benet-set 1 ipsec-isakmp
set peer 200.0.0.1
set transform-set benet-set
match address 100
exit
int f0/0
crypto map benet-set
end
wr

 

用思科模拟器做此实验，在测试时多ping几次（PT有bug)