##### Route A ################################### interface Tunnel0 mode gre ip address 10.254.1.2255.255.255.252 source 2.2.2.2 destination 6.6.6.6 ipsec apply policy 3100 # acl advanced 3100 description IPSEC OVER GRE rule 10 permit ip source 172.23.0.00.0.255.255 destination 172.21.0.00.0.255.255 # ipsec transform-set 3100 esp encryption-algorithm 3des-cbc esp authentication-algorithm sha1 # ipsec policy 31001 isakmp transform-set 3100 security acl 3100 ike-profile 3100 remote-address 10.254.1.1 # ike profile 3100 keychain 3100 exchange-mode aggressive match remote identity address 10.254.1.1255.255.255.252 proposal 3100 # ike proposal 3100 # ike keychain 3100 pre-shared-key address 10.254.1.10.0.0.0 key simple 8D3.qCeP # ip route-static 172.21.0.016 Tunnel 0 ##### Route B ################################### interface Tunnel0 mode gre ip address 10.254.1.1255.255.255.252 source 6.6.6.6 destination 2.2.2.2 ipsec apply policy 3100 # ip route-static 172.23.0.016 Tunnel 0 # acl advanced 3100 description IPSEC OVER GRE rule 10 permit ip source 172.21.0.00.0.255.255 destination 172.23.0.00.0.255.255 # ipsec transform-set 3100 esp encryption-algorithm 3des-cbc esp authentication-algorithm sha1 # ipsec policy 31001 isakmp transform-set 3100 security acl 3100 remote-address 10.254.1.2 ike-profile 3100 # ike profile 3100 keychain 3100 exchange-mode aggressive match remote identity address 10.254.1.2255.255.255.252 proposal 3100 # ike proposal 3100 # ike keychain 3100 pre-shared-key address 10.254.1.20.0.0.0 key simple 8D3.qCeP #
原文地址:http://abian.blog.51cto.com/751059/1974316