RT2:
conf t
!
class-map match-all icmp
match access-group name ICMP
class-map match-all esp
match access-group name ESP
class-map match-all gre
match access-group name GRE
!
policy-map QoS
class icmp
class esp
class gre
!
crypto isakmp policy 10
encr aes
authentication pre-share
group 5
!
crypto isakmp key cisco address 192.168.23.3
!
crypto ipsec transform-set TRANS esp-aes esp-sha-hmac
mode tunnel
!
crypto map CMAP 10 ipsec-isakmp
set peer 192.168.23.3
set transform-set TRANS
match address 101
!
interface Tunnel 0
ip address 10.0.0.2 255.255.255.0
tunnel source Ethernet0/1
tunnel destination 192.168.23.3
!
interface Ethernet 0/0
ip address 192.168.12.2 255.255.255.0
no shutdown
!
interface Ethernet0/1
ip address 192.168.23.2 255.255.255.0
crypto map CMAP
service-policy output QoS
no shutdown
!
ip access-list extended ESP
permit esp any any
!
ip access-list extended GRE
permit gre any any
!
ip access-list extended ICMP
permit icmp any any
!
ip access-list extended 101
permit gre host 192.168.23.2 host 192.168.23.3
!
ip route 1.1.1.1 255.255.255.255 192.168.12.1
ip route 3.3.3.3 255.255.255.255 10.0.0.3
!
end
[:]
