配置:
阶段一:定义isakmp策略  R1(config)#cryptol isakmp policy 10
                      
         R1(config-isakmp)#authentication pre-share
                      
         R1(config-isakmp)#encryption 3DES
                      
         R1(config-isakmp)#group 2
                      
         R1(config-isakmp)#hash md5
               
         R1(config-isakmp)#lifetime 86400
         R1(config)#crypto isakmp key 0 CISCO address 20.1.1.2
阶段二:定义ipsec策略   R1(config)#crypto ipsec transform-set 123 esp-3des esp-md5-hmac
        
         R1(cfg-crypto-trans)#mode tunnel
阶段三:定义感兴趣流    R1(config)#accesse-list 101 permit ip ho 1.1.1.1 ho 3.3.3.3
阶段四:定义cryptomap   R1(config)#crypto map mymap 10 ipsec-isakmp
         R1(config-crypto-map)#match address 101
        
         R1(config-crypto-map)#set transform-set 123
        
         R1(config-crypto-map)#set peer 20.1.1.2
阶段五:接口下应用      R1(config)#int s0/0
         R1(config-if)#crypto map mymap
附加:定义私网路由      R1(config)#ip route 3.3.3.0 255.255.255.0 s0/0
查看 isakmp策略信息 show isakmp policy
     isakmp信息(阶段一)show crypto isakmp sa
     ipsec信息(阶段二) show crypto ipsec sa
     加解密包数量及信息  show crypto engine connections active