# R3: transit router joining the 12.0.0.0/8 and 23.0.0.0/8 links.
# It only carries addressing; no ACL, NAT or IPsec is configured on it.
system-view
sysname R3
# Link on 12.0.0.0/8 (the peer at 12.0.0.1 is R1's g0/0/1).
interface GigabitEthernet 0/0/0
 ip address 12.0.0.2 8
# Link on 23.0.0.0/8 (the peer at 23.0.0.1 is R2's g0/0/1).
interface GigabitEthernet 0/0/1
 ip address 23.0.0.2 8
# Host-route loopback address.
interface LoopBack 3
 ip address 3.3.3.3 32
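# R1: site router for 192.168.10.0/24, with NAT towards 12.0.0.2 and a
# manually keyed IPsec tunnel to the peer at 23.0.0.1.
system-view
sysname R1
dhcp enable
# ACL 3000 selects the traffic to NAT. Rule 5 excludes everything destined
# to the remote site (172.16.10.0/24) from NAT, presumably so that it
# leaves untranslated and still matches ACL 3001 below.
acl 3000
 rule 5 deny ip destination 172.16.10.0 0.0.0.255
 rule 10 permit ip source 192.168.10.0 0.0.0.255
# ACL 3001 defines the traffic protected by IPsec: local LAN -> remote LAN.
# The peer needs the mirror image of this rule.
acl 3001
 rule 10 permit ip source 192.168.10.0 0.0.0.255 destination 172.16.10.0 0.0.0.255
ip route-static 0.0.0.0 0 12.0.0.2
# LAN side: gateway address, DHCP served from the interface address pool.
interface GigabitEthernet 0/0/0
 ip address 192.168.10.254 24
 dhcp select interface
# WAN side.
interface GigabitEthernet 0/0/1
 ip address 12.0.0.1 8
 nat outbound 3000
 quit
# ESP in tunnel mode, SHA2-256 for integrity and AES-128 for encryption.
ipsec proposal toR2
 encapsulation-mode tunnel
 transform esp
 esp authentication-algorithm sha2-256
 esp encryption-algorithm aes-128
# Manual policy: SPIs and keys are static, so nothing rotates them.
# NOTE(review): manually keyed SAs are never rekeyed and generally cannot
# rely on anti-replay; for anything beyond a lab, prefer IKE negotiation.
ipsec policy toR2 10 manual
 security acl 3001
 proposal toR2
 tunnel local 12.0.0.1
 tunnel remote 23.0.0.1
 # The inbound SPI here must equal the peer's outbound SPI and vice versa.
 sa spi inbound esp 54321
 sa spi outbound esp 12345
 # NOTE(review): "zx123" is a short lab key shared by both directions.
 # Outside a lab use a long random key, and record it before entering it:
 # with "cipher" the configuration only shows the ciphertext afterwards.
 sa string-key inbound esp cipher zx123
 sa string-key outbound esp cipher zx123
# Fix: the original line read "ipces policy toR2", which is not a valid
# command, so the policy was never bound to the interface and traffic
# matching ACL 3001 would not have been protected.
interface GigabitEthernet 0/0/1
 ipsec policy toR2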
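# R2: site router for 172.16.10.0/24, with NAT towards 23.0.0.2 and a
# manually keyed IPsec tunnel to the peer at 12.0.0.1.
system-view
sysname R2
dhcp enable
# ACL 3000 selects the traffic to NAT. Rule 5 excludes everything destined
# to the remote site (192.168.10.0/24) from NAT, presumably so that it
# leaves untranslated and still matches ACL 3001 below.
acl 3000
 rule 5 deny ip destination 192.168.10.0 0.0.0.255
 rule 10 permit ip source 172.16.10.0 0.0.0.255
# ACL 3001 defines the traffic protected by IPsec: local LAN -> remote LAN.
# The peer needs the mirror image of this rule.
acl 3001
 rule 10 permit ip source 172.16.10.0 0.0.0.255 destination 192.168.10.0 0.0.0.255
ip route-static 0.0.0.0 0 23.0.0.2
# LAN side: gateway address, DHCP served from the interface address pool.
interface GigabitEthernet 0/0/0
 ip address 172.16.10.254 24
 dhcp select interface
# WAN side.
interface GigabitEthernet 0/0/1
 ip address 23.0.0.1 8
 nat outbound 3000
 quit
# ESP in tunnel mode, SHA2-256 for integrity and AES-128 for encryption.
ipsec proposal toR1
 encapsulation-mode tunnel
 transform esp
 esp authentication-algorithm sha2-256
 esp encryption-algorithm aes-128
# Manual policy: SPIs and keys are static, so nothing rotates them.
# NOTE(review): manually keyed SAs are never rekeyed and generally cannot
# rely on anti-replay; for anything beyond a lab, prefer IKE negotiation.
ipsec policy toR1 10 manual
 security acl 3001
 proposal toR1
 tunnel local 23.0.0.1
 tunnel remote 12.0.0.1
 # The inbound SPI here must equal the peer's outbound SPI and vice versa.
 sa spi inbound esp 12345
 sa spi outbound esp 54321
 # NOTE(review): "zx123" is a short lab key shared by both directions.
 # Outside a lab use a long random key, and record it before entering it:
 # with "cipher" the configuration only shows the ciphertext afterwards.
 sa string-key inbound esp cipher zx123
 sa string-key outbound esp cipher zx123
# Fix: the original line read "ipces policy toR1", which is not a valid
# command, so the policy was never bound to the interface and traffic
# matching ACL 3001 would not have been protected.
interface GigabitEthernet 0/0/1
 ipsec policy toR1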
手工模式比較簡單,重點是把各種密碼先規劃好。用 cipher 設定之後,金鑰在配置中只以密文顯示,到配置對端時就忘記了原本的密碼,來回折騰了好久。