(LAN: 172.16.1.1)siteA (WAN: 10.125.1.1) <=> (WAN: 10.125.1.2) siteB (LAN:192.168.1.1)
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
ip cef
!
!
!
!
no ip domain lookup
ip domain name lookdata.cn
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
ip tcp synwait-time 5
!
!
crypto isakmp policy 1
encr aes 256
authentication pre-share
group 2
crypto isakmp key lookdata address 10.125.1.2
!
!
crypto ipsec transform-set s2s esp-3des esp-sha-hmac
!
crypto map s2s 10 ipsec-isakmp
set peer 10.125.1.2
set transform-set s2s
match address s2s
!
!
!
!
interface FastEthernet0/0
ip address 10.125.1.1 255.255.255.0
duplex auto
speed auto
crypto map s2s
!
interface FastEthernet0/1
ip address 172.16.1.1 255.255.255.0
duplex auto
speed auto
!
!
ip route 192.168.0.0 255.255.0.0 FastEthernet0/0
!
!
no ip http server
no ip http secure-server
!
ip access-list extended s2s
permit ip 172.0.0.0 0.255.255.255 192.0.0.0 0.255.255.255
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
line vty 0 4
login
!
!
end