同上次类似
R1#show run
Building configuration...
Current configuration : 1289 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
resource policy
!
memory-size iomem 10
ip subnet-zero
ip cef
!
!
no ip dhcp use vrf connected
!
!
no ip ips deny-action ips-interface
!
!
!
!
!
!
crypto keyring cisco
pre-shared-key address 10.1.1.2 key cisco
!
crypto isakmp policy 10
hash md5
authentication pre-share
crypto isakmp profile cisco
keyring cisco
match identity address 10.1.1.2 255.255.255.255
!
!
crypto ipsec transform-set cisco esp-des esp-md5-hmac
!
crypto ipsec profile cisco
set transform-set cisco
set isakmp-profile cisco
!
!
!
!
interface Tunnel0
ip address 192.168.1.1 255.255.255.0
tunnel source FastEthernet0/0
tunnel destination 10.1.1.2
tunnel mode ipsec ipv4
tunnel protection ipsec profile cisco
!
interface Loopback1
ip address 1.1.1.1 255.255.255.255
!
interface FastEthernet0/0
ip address 10.1.1.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
ip classless
ip route 2.2.2.2 255.255.255.255 10.1.1.2
!
ip http server
no ip http secure-server
!
!
!
control-plane
!
!
!
!
line con 0
line aux 0
line vty 0 4
!
!
end
R1#ping 2.2.2.2 so 1.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
Packet sent with a source address of 1.1.1.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 124/176/228 ms
R2#show run
Building configuration...
Current configuration : 1289 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R2
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
resource policy
!
memory-size iomem 10
ip subnet-zero
ip cef
!
!
no ip dhcp use vrf connected
!
!
no ip ips deny-action ips-interface
!
!
!
!
!
!
crypto keyring cisco
pre-shared-key address 10.1.1.1 key cisco
!
crypto isakmp policy 10
hash md5
authentication pre-share
crypto isakmp profile cisco
keyring cisco
match identity address 10.1.1.1 255.255.255.255
!
!
crypto ipsec transform-set cisco esp-des esp-md5-hmac
!
crypto ipsec profile cisco
set transform-set cisco
set isakmp-profile cisco
!
!
!
!
interface Tunnel0
ip address 192.168.1.2 255.255.255.0
tunnel source FastEthernet0/0
tunnel destination 10.1.1.1
tunnel mode ipsec ipv4
tunnel protection ipsec profile cisco
!
interface Loopback1
ip address 2.2.2.2 255.255.255.255
!
interface FastEthernet0/0
ip address 10.1.1.2 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
ip classless
ip route 1.1.1.1 255.255.255.255 10.1.1.1
!
ip http server
no ip http secure-server
!
!
!
control-plane
!
!
!
!
line con 0
line aux 0
line vty 0 4
!
!
end
R2#ping 1.1.1.1 so 2.2.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
Packet sent with a source address of 2.2.2.2
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 112/153/204 ms
R2#