#R1
#
acl number 3100
rule 5 permit ip source 192.168.10.0 0.0.0.255 destination 10.192.0.0 0.0.0.255
#
ipsec proposal pro1
#
ike peer r4 v1
pre-shared-key simple sklinux
remote-address 122.0.34.4
#
ipsec policy r1 10 isakmp
security acl 3100
ike-peer r4
proposal pro1
#
...
#
interface GigabitEthernet0/0/0
ip address 120.0.12.1 255.255.255.0
ipsec policy r1 #接口下应用ipsec策略
#
interface GigabitEthernet0/0/1
ip address 192.168.10.254 255.255.255.0
#
interface NULL0
#
ip route-static 0.0.0.0 0.0.0.0 120.0.12.2
#
#R4
#
acl number 3100
rule 5 permit ip source 10.192.0.0 0.0.0.255 destination 192.168.10.0 0.0.0.255
#
ipsec proposal pro1
#
ike peer r1 v1
pre-shared-key simple sklinux
remote-address 120.0.12.1
#
ipsec policy r4 10 isakmp
security acl 3100
ike-peer r1
proposal pro1
#
...
interface GigabitEthernet0/0/0
ip address 122.0.34.4 255.255.255.0
ipsec policy r4 #接口应用ipsec策略
#
interface GigabitEthernet0/0/1
ip address 10.192.0.254 255.255.255.0
#
interface NULL0
#
ip route-static 0.0.0.0 0.0.0.0 122.0.34.3
#