Topology: R1----R2-----R3
R1#sh run
Building configuration...
Current configuration : 1086 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
no ip domain lookup
!
!
!
crypto isakmp policy 2
encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp key prekey address 0.0.0.0 0.0.0.0
!
!
crypto ipsec transform-set trset esp-3des esp-sha-hmac
!
crypto dynamic-map dymap 10
set transform-set trset
match address 101
!
!
crypto map crmap 10 ipsec-isakmp dynamic dymap
!
!
interface FastEthernet0/0
ip address 192.168.1.2 255.255.255.0
duplex auto
speed auto
crypto map crmap
!
interface FastEthernet1/0
ip address 172.16.1.1 255.255.255.0
duplex auto
speed auto
!
no ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 192.168.1.1
!
!
!
access-list 101 permit ip 172.16.1.0 0.0.0.255 172.16.2.0 0.0.0.255
!
!
!
control-plane
!
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
!
!
end
R2 needs no special configuration: just configure the IP addresses on its interfaces. No routing or anything else is required.
R3#sh run
Building configuration...
Current configuration : 1058 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R3
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
no ip domain lookup
!
!
crypto isakmp policy 2
encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp key prekey address 192.168.1.2
!
!
crypto ipsec transform-set trset esp-3des esp-sha-hmac
!
crypto map crmap 10 ipsec-isakmp
set peer 192.168.1.2
set transform-set trset
match address 101
!
!
!
interface FastEthernet0/0
ip address 192.168.2.2 255.255.255.0
duplex auto
speed auto
crypto map crmap
!
interface FastEthernet1/0
ip address 172.16.2.1 255.255.255.0
duplex auto
speed auto
!
no ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 192.168.2.1
!
!
!
access-list 101 permit ip 172.16.2.0 0.0.0.255 172.16.1.0 0.0.0.255
!
!
!
control-plane
!
!
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
!
!
end
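
An added example (not part of the original post): a small Python check that scans a "show run" excerpt for the IKE/IPsec parameters used in the two configs above that are now considered weak (3DES, MD5, DH group 2) and for the wildcard pre-shared key on R1. The lists of weak values are an assumed baseline, and the function and variable names are illustrative.

```python
import re

# Constructed sample: the ISAKMP/IPsec lines from R1's running config above.
# Sub-command indentation is lost on the page, so the parser does not rely on it.
R1_CONFIG = """\
crypto isakmp policy 2
encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp key prekey address 0.0.0.0 0.0.0.0
!
crypto ipsec transform-set trset esp-3des esp-sha-hmac
"""

# Assumed baseline of weak values (adjust to your own policy).
WEAK_POLICY = {"encr": {"des", "3des"}, "hash": {"md5"}, "group": {"1", "2", "5"}}
WEAK_TRANSFORMS = {"esp-des", "esp-3des", "esp-md5-hmac", "ah-md5-hmac"}
KEY_ANY = re.compile(r"crypto isakmp key \S+ address 0\.0\.0\.0( 0\.0\.0\.0)?$")

def audit(config):
    """Return [(line_number, finding)] for weak IKE/IPsec settings."""
    findings, policy = [], None
    for no, raw in enumerate(config.splitlines(), 1):
        line, words = raw.strip(), raw.split()
        m = re.match(r"crypto isakmp policy (\d+)$", line)
        if m:                       # entering an ISAKMP policy block
            policy = m.group(1)
            continue
        if not line or line.startswith(("!", "crypto ")):
            policy = None           # separator or new top-level command ends the block
        if policy and len(words) >= 2 and words[1] in WEAK_POLICY.get(words[0], ()):
            findings.append((no, f"isakmp policy {policy}: weak {words[0]} {words[1]}"))
        elif KEY_ANY.match(line):
            findings.append((no, "pre-shared key accepted from any peer address"))
        elif words[:3] == ["crypto", "ipsec", "transform-set"]:
            findings.extend((no, f"transform-set {words[3]}: weak {t}")
                            for t in words[4:] if t in WEAK_TRANSFORMS)
    return findings

if __name__ == "__main__":
    for no, finding in audit(R1_CONFIG):
        print(f"line {no}: {finding}")
```

The wildcard key on R1 is what lets a peer with an unknown address connect to the dynamic map, so that finding marks a trade-off to review rather than a typo.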