拓扑如下
HQ LAN<——>HQ Router<——>INTERNET Router<——>BR Router<——>BR LAN
配置如下
总部HQ!
ip access-list extended S2S
permit ip 192.168.11.0 0.0.0.255 192.168.12.0 0.0.0.255
!
crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
group 5
crypto isakmp key cisco address 202.202.202.1
crypto ipsec transform-set MYTRAN esp-3des esp-md5-hmac
crypto map MYMAP 10 ipsec-isakmp
set peer 202.202.202.1
set transform-set MYTRAN
match address S2S
reverse-route static