自动创建ipsec

fanzhesi

自动创建ipsec
三台路由器 R1 R2 R3
在R1上配置g0/0的IP地址192.168.1.1 在创建一个环回口10.1.1.1
R2 G0/0接口地址 192.168.1.2 G0/1 接口地址172.16.1.2
R3g0/0接口地址172.16.1.1 换回接口地址20.1.1.1
要求R1和R3的环回口能够相互ping通
创建ipsec的自动方式，一下就是配置的内容为什么会ping不通哪？请教各位大侠指点迷津。
R1的配置
ipsec policy map1 1 isakmp
transform-set map
security acl 3000
local-address 192.168.1.1
remote-address 172.16.1.1
ike-profile pro
#
ike profile pro
keychain key
match remote identity address 172.16.1.1 255.255.255.0
#
ike keychain key
pre-shared-key address 172.16.1.1 255.255.255.0 key cipher $c$3$7phPlkeYNoVXl2lhGX14GroyV

#
ip route-static 20.1.1.0 24 192.168.1.2
ip route-static 172.16.1.0 24 192.168.1.2
#
acl advanced 3000
rule 0 permit ip source 10.1.1.0 0.0.0.255 destination 20.1.1.0 0.0.0.255



R2的配置
ipsec transform-set map
esp encryption-algorithm 3des-cbc
esp authentication-algorithm sha1
#
ipsec policy map1 1 isakmp
transform-set map
security acl 3000
local-address 192.168.1.1
remote-address 172.16.1.1
ike-profile pro
#
ike profile pro
keychain key
match remote identity address 192.168.1.1 255.255.255.0
#
ike keychain key
pre-shared-key address 192.168.1.1 255.255.255.0 key cipher $c$3$2iZeP8EHF9Sqfps2zCSU4XccfEtsVcc=
#

ip route-static 10.1.1.0 24 172.16.1.2
ip route-static 192.168.1.0 24 172.16.1.2
#
acl advanced 3000
rule 0 permit ip source 20.1.1.0 0.0.0.255 destination 10.1.1.0 0.0.0.255

gdie2011

你想问什么问题

hongsupeng

R1的第二阶段有配吗？
像R2的：ipsec transform-set map
             esp encryption-algorithm 3des-cbc
             esp authentication-algorithm sha1

duilie1111

fanzhesi

都配置了就是不通 也配置过静态路由指向对方也是不通