(1.1.1.1)R1(S1/1:12.12.12.1)-----------------(S1/0:12.12.12.2)R2(S1/1:23.23.23.2)------------------(S1/0:23.23.3)R3(3.3.3.3)
R1# sh run
!
crypto isakmp policy 10
authentication pre-share
crypto isakmp key cisco address 23.23.23.3
!
crypto ipsec transform-set wk esp-des esp-md5-hmac
mode transport
!
crypto map vpn 10 ipsec-isakmp
set peer 23.23.23.3
set transform-set wk
match address 101
!
interface Tunnel1
ip address 192.168.1.1 255.255.255.0
tunnel source 12.12.12.1
tunnel destination 23.23.23.3
!
interface Loopback0
ip address 1.1.1.1 255.255.255.0
!
!
interface Serial1/1
ip address 12.12.12.1 255.255.255.0
serial restart-delay 0
crypto map vpn
!
router ospf 110
router-id 1.1.1.1
network 1.1.1.0 0.0.0.255 area 0
network 192.168.1.0 0.0.0.255 area 0
!
ip route 0.0.0.0 0.0.0.0 12.12.12.2
!
access-list 101 permit ip host 12.12.12.1 host 23.23.23.3
R2#sh running-config
interface Serial1/0
ip address 12.12.12.2 255.255.255.0
serial restart-delay 0
!
interface Serial1/1
ip address 23.23.23.2 255.255.255.0
serial restart-delay 0
R3#sh running-config
!
crypto isakmp policy 10
authentication pre-share
crypto isakmp key cisco address 12.12.12.1
!
!
crypto ipsec transform-set wk esp-des esp-md5-hmac
mode transport
!
crypto map vpn 10 ipsec-isakmp
set peer 12.12.12.1
set transform-set wk
match address 101
!
interface Tunnel2
ip address 192.168.1.2 255.255.255.0
tunnel source 23.23.23.3
tunnel destination 12.12.12.1
!
interface Loopback0
ip address 3.3.3.3 255.255.255.0
!
interface Serial1/0
ip address 23.23.23.3 255.255.255.0
serial restart-delay 0
crypto map vpn
!
router ospf 110
router-id 3.3.3.3
log-adjacency-changes
network 3.3.3.0 0.0.0.255 area 0
network 192.168.1.0 0.0.0.255 area 0
!
ip route 0.0.0.0 0.0.0.0 23.23.23.2
!
access-list 101 permit ip host 23.23.23.3 host 12.12.12.1(感兴趣流是R1和R2的公网地址,这点和site-to-site vpn 不一样)