tunnel + vpn
R1=================================================================
enable
conf t
noip domain-lookup
line 0
no exec-timeout
logging synchronous
exit
host R1
in f0/0
ip add 170.58.12.1 255.255.255.0
no sh
int lo0
ip add 1.1.1.1 255.255.255.0
ip route 0.0.0.0 0.0.0.0 170.58.12.2
inter tunnel 100
tunn so 170.58.12.1
tunn de 170.58.23.3
ip add 170.58.13.1 255.255.255.0
router ospf 100
router-id 1.1.1.1
net 170.58.13.0 0.0.0.255 a 0
net 1.1.1.0 0.0.0.255 a 0
crypto isakmp policy 10
authentication pre-share
crypto isakmp key 0 cisco address 170.58.23.3
crypto ipsec transform-set aaa esp-3des esp-md5-hmac
crypto map bbb 10 ipsec-isakmp
match address vpn
set peer 170.58.23.3
set transform-set aaa
ip access-list extended vpn
permit gre host 170.58.12.1 host 170.58.23.3
crypto map bbb
R2============================================================
no ip domain-lookup
host R2
ip add 170.58.12.2 255.255.255.0
in f0/01
ip add 170.58.23.2 255.255.255.0
R3============================================================
host R3
in f0/1
ip add 170.58.23.3 255.255.255.0
ip add 3.3.3.3 255.255.255.0
ip route 0.0.0.0 0.0.0.0 170.58.23.2
tunn so 170.58.23.3
tunn de 170.58.12.1
ip add 170.58.13.3 255.255.255.0
router-id 3.3.3.3
net 3.3.3.0 0.0.0.255 a 0
crypto isakmp key 0 cisco address 170.58.12.1
crypto ipsec transform-set ccc esp-3des esp-md5-hmac
crypto map ddd 10 ipsec-isakmp
set peer 170.58.12.1
set transform-set ccc
permit gre host 170.58.23.3 host 170.58.12.1
crypto map ddd