泰达集团VPN实施部分拓扑（选取3站方式）

北京总部的路由器命令为Routerbj，具体步骤配置如下。

Routerbj(config)# crypto isakmp enable

Routerbj(config)# crypto isakmp policy 110

Routerbj(config-isakmp)# authentication pre-share

Routerbj(config-isakmp)# encryption des

Routerbj(config-isakmp)# group 1

Routerbj(config-isakmp)# hash md5

Routerbj(config-isakmp)# lifetime 86400

Routerbj(config-isakmp)#exit

Routerbj(config)#rypto isakmp identity address

Routerbj(config)# crypto isakmp key cisco1234 address 172.30.2.2

Routerbj(config)# crypto isakmp key cisco1234 address 172.30.3.2

Routerbj(config)#crypto IPsec transform mine esp-des

Routerbj(config)#crypto map mymap 10 IPsec-isakmp

Routerbj(config-crypto-map)#set peer 172.30.2.2

Routerbj(config-crypto-map)#set peer 172.30.3.2

Routerbj(config-crypto-map)#set transform-set mine

Routerbj(config-crypto-map)#match address 110

Routerbj(config-crypto-map)#exit

Routerbj(config)#access-list 110 permit tcp 10.0.1.0 0.0.0.255 10.0.2.0 0.0.0.255

Routerbj(config)#access-list 110 permit tcp 10.0.1.0 0.0.0.255 10.0.3.0 0.0.0.255

Routerbj(config)#interface Ethernet 0/1

Routerbj(config-if)#crypto map mymap

上海分支机构的路由器命令为Routersh，具体步骤配置如下。

Routersh(config)# crypto isakmp enable

Routersh(config)# crypto isakmp policy 110

Routersh(config-isakmp)# authentication pre-share

Routersh(config-isakmp)# encryption des

Routersh(config-isakmp)# group 1

Routersh(config-isakmp)# hash md5

Routersh(config-isakmp)# lifetime 86400

Routersh(config-isakmp)#exit

Routersh(config)#rypto isakmp identity address

Routersh(config)# crypto isakmp key cisco1234 address 172.30.1.2

Routersh(config)#crypto IPsec transform mine esp-des

Routersh(config)#crypto map mymap 10 IPsec-isakmp

Routersh(config-crypto-map)#set peer 172.30.1.2

Routersh(config-crypto-map)#set transform-set mine

Routersh(config-crypto-map)#match address 110

Routersh(config-crypto-map)#exit

Routersh(config)#access-list 110 permit tcp 10.0.2.0 0.0.0.255 10.0.1.0 0.0.0.255

Routersh(config)#interface Ethernet 0/1

Routersh(config-if)#crypto map mymap