Конфигурация упрощена чтобы не захламлять форум.
Выглядит так:
[192.168.11.0/24]--[cisco1812]---[192.168.0.0/30]---[cisco3825]--[192.168.12.0/24]Конфиги:
-------------------------------------
hostname c1812gw1
!
aaa new-model
!
ip cef
!
crypto isakmp policy 1
encr 3des
hash md5
authentication pre-share
crypto isakmp key 12345 address 192.168.0.2
!
!
crypto ipsec transform-set RBK esp-3des esp-md5-hmac
!
crypto map TUNNEL0 1 ipsec-isakmp
set peer 192.168.0.2
set transform-set RBK
match address 199
!
!
!
!
interface Tunnel0
ip unnumbered FastEthernet0
tunnel source FastEthernet0
tunnel destination 192.168.0.2
tunnel checksum
crypto map TUNNEL0
!
interface FastEthernet0
ip address 192.168.0.1 255.255.255.252
duplex auto
speed auto
crypto map TUNNEL0
!
access-list 199 permit ip host 192.168.0.1 host 192.168.0.2
!
!
webvpn context Default_context
ssl authenticate verify all
!
no inservice
!
end
---------------------------------------
hostname c3825
!
no aaa new-model
!
ip cef
!
crypto isakmp policy 1
encr 3des
hash md5
authentication pre-share
crypto isakmp key 12345 address 192.168.0.1
!
!
crypto ipsec transform-set RBK esp-3des esp-md5-hmac
!
crypto map TUNNEL0 1 ipsec-isakmp
set peer 192.168.0.1
set transform-set RBK
match address 199
!
!
!
!
interface Tunnel0
ip unnumbered GigabitEthernet0/0
tunnel source GigabitEthernet0/0
tunnel destination 192.168.0.1
tunnel checksum
crypto map TUNNEL0
!
interface GigabitEthernet0/0
ip address 192.168.0.2 255.255.255.252
duplex auto
speed auto
media-type rj45
crypto map TUNNEL0
!
access-list 199 permit ip host 192.168.0.2 host 192.168.0.1
!
!
!
end
---------------------------------
c1812gw1#sh int tun0
Tunnel0 is up, line protocol is up
Hardware is Tunnel
Interface is unnumbered. Using address of FastEthernet0 (192.168.0.1)
MTU 1514 bytes, BW 9 Kbit, DLY 500000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation TUNNEL, loopback not set
Keepalive not set
Tunnel source 192.168.0.1 (FastEthernet0), destination 192.168.0.2
Tunnel protocol/transport IP/IP
Tunnel TTL 255
Fast tunneling enabled
Tunnel transmit bandwidth 8000 (kbps)
Tunnel receive bandwidth 8000 (kbps)
c1812gw1#sh crypto engine connection active
Crypto Engine Connections
ID Interface Type Algorithm Encrypt Decrypt IP-Address
c1812gw1#