Site A: ADSLSite B: 固定IP#####RouteA###################################interfaceGigabitEthernet1/0/0p
.
Site A: ADSL
Site B: 固定IP
##### Route A ###################################interface GigabitEthernet1/0/0 port link-mode route combo enable copper ip address 2.2.2.2255.255.255.248 nat outbound 3000 ipsec apply policy 7#acl advanced 3000 rule 0 deny ip source 172.21.0.00.0.255.255 destination 192.168.0.00.0.255.255 rule 100 permit ip#acl advanced 3001 rule 0 permit ip source 172.21.0.00.0.255.255 destination 192.168.0.00.0.255.255#ipsec transform-set 7 esp encryption-algorithm 3des-cbc esp authentication-algorithm md5 #ipsec policy-template 1231 transform-set 7 ike-profile 7 sa duration time-based 3600 sa duration traffic-based 1843200#ipsec policy 71 isakmp transform-set 7 security acl 3001 remote-address 6.6.6.6 ike-profile 7# ike identity fqdn zhongmu#ike profile 7 keychain 7 exchange-mode aggressive local-identity fqdn zhongmu match remote identity address 6.6.6.6255.255.255.252 proposal 7#ike proposal 7#ike keychain 7 pre-shared-key address 6.6.6.6255.255.255.252 key simple 1sEDC3sqoI###### Route B ################################### #interface GigabitEthernet1/0/0 port link-mode route ip address 6.6.6.6255.255.255.252 nat outbound 3001 ipsec apply policy 3001#acl advanced 3001 description ***-nat rule 4 deny ip source 192.168.0.00.0.255.255 destination 172.21.0.00.0.255.255 rule 100 permit ip#acl advanced 3010 description ipsec-××× rule 4 permit ip source 192.168.0.00.0.255.255 destination 172.21.0.00.0.255.255 rule 100 deny ip#ipsec transform-set 3001 esp encryption-algorithm 3des-cbc esp authentication-algorithm md5 #ipsec policy 30011 isakmp transform-set 3001 ike-profile 3001 security acl 3010# ike identity fqdn zhongmu#ike profile 3001 keychain 3001 exchange-mode aggressive match remote identity fqdn zhongmu proposal 3001#ike proposal 3001#ike keychain 3001 pre-shared-key hostname zhongmu keysimple 1sEDC3sqoI#
