拓扑如下:
R2配置:hostname R2
enable password cisco
interface Ethernet0/0
ip address 202.112.1.2 255.255.255.0
interface Ethernet0/1
ip address 61.67.1.2 255.255.255.0
line con 0
logging synchronous
line aux 0
line vty 0 4
password cisco
login
transport input all
R3配置:hostname R3
enable password cisco
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp key cisco address 202.112.1.1
crypto ipsec security-association lifetime seconds 86400
crypto ipsec transform-set vpn-set ah-sha-hmac esp-des
crypto map mymap 1 ipsec-isakmp
set peer 202.112.1.1
set transform-set vpn-set
match address 100
interface Loopback10
ip address 172.16.1.1 255.255.255.255
interface Ethernet0/0
ip address 61.67.1.1 255.255.255.0
crypto map mymap
ip route 0.0.0.0 0.0.0.0 202.112.1.1
ip route 0.0.0.0 0.0.0.0 61.67.1.2
access-list 100 permit ip host 172.16.1.1 host 192.168.1.1
logging synchronous
line aux 0
line vty 0 4
password cisco
login
transport input all
测试结果如下: