
[Help] A question about IPsec VPN, please help

Posted on 2014-3-31 16:32:03
3 Honghu coins
R2(config)#crypto map mymap ?            
  <1-65535>       Sequence to insert into crypto map entry
  client          Specify client configuration settings
  isakmp          Specify isakmp configuration settings
  isakmp-profile  Specify isakmp profile to use
  local-address   Interface to use for local address for this crypto map
  redundancy      High availability options for this map
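What exactly does the local-address option here mean? Please be specific.
In the example below, why on earth do I have to write crypto map mymap local-address Loopback100 before IPsec can be established?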

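One more question: once IPsec is deployed, is the IP header inserted in front of the ESP header the address that follows set peer? (marked in red below) Is the IP header in front the same in tunnel mode and transport mode?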

R1#show run
Building configuration...
Current configuration : 1671 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
no ip icmp rate-limit unreachable
!
!
ip cef
no ip domain lookup
!
ip tcp synwait-time 5
!
!
crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp key cisco address 22.22.22.22
!
!
crypto ipsec transform-set myset esp-3des esp-md5-hmac
mode transport
!
crypto map mymap local-address Loopback100
crypto map mymap 10 ipsec-isakmp
set peer 22.22.22.22
set transform-set myset
match address 110
!
!
!
!
interface Loopback0
ip address 1.1.1.1 255.255.255.0
!
interface Loopback2
ip address 2.2.2.2 255.255.255.0
!
interface Loopback100
ip address 11.11.11.11 255.255.255.0
!         
interface Tunnel0
ip address 10.10.10.1 255.255.255.0
tunnel source 200.1.1.1
tunnel destination 200.1.1.2
crypto map mymap
!
interface FastEthernet0/0
ip address 200.1.1.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
router ospf 10
log-adjacency-changes
no auto-cost
network 1.1.1.0 0.0.0.255 area 0
network 10.10.10.0 0.0.0.255 area 0
network 11.11.11.0 0.0.0.255 area 0
!
!
no ip http server
no ip http secure-server
!
!
access-list 110 permit ip 1.1.1.0 0.0.0.255 4.4.4.0 0.0.0.255
!
!
!
!
control-plane
!
!
!
!
!
!
gatekeeper
shutdown
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line vty 0 4
login
!
!
end


R2#show running-config
Building configuration...
Current configuration : 1657 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R2
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
no ip icmp rate-limit unreachable
!
!
ip cef
no ip domain lookup
!
ip tcp synwait-time 5
!
!
crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp key cisco address 11.11.11.11
!
!
crypto ipsec transform-set myset esp-3des esp-md5-hmac
mode transport
!
crypto map mymap local-address Loopback100
crypto map mymap 10 ipsec-isakmp
set peer 11.11.11.11
set transform-set myset
match address 110
!
!
!
!
interface Loopback0
ip address 4.4.4.4 255.255.255.0
!
interface Loopback1
ip address 5.5.5.5 255.255.255.0
!
interface Loopback100
ip address 22.22.22.22 255.255.255.0
!         
interface Tunnel0
ip address 10.10.10.2 255.255.255.0
tunnel source 200.1.1.2
tunnel destination 200.1.1.1
crypto map mymap
!
interface FastEthernet0/0
ip address 200.1.1.2 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
router ospf 10
log-adjacency-changes
network 4.4.4.0 0.0.0.255 area 0
network 10.10.10.0 0.0.0.255 area 0
network 22.22.22.0 0.0.0.255 area 0
!         
!
no ip http server
no ip http secure-server
!
!
access-list 110 permit ip 4.4.4.0 0.0.0.255 1.1.1.0 0.0.0.255
!
!
!
!
control-plane
!
!
!
!
!
!
gatekeeper
shutdown
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line vty 0 4
login
!
!
end

Best answer

Posted on 2014-3-31 16:32:04
local address: the local address
remote address: the remote address.
When you use the IP 192.168.1.2 to access the IP 192.168.1.3, your own IP is the local address and 192.168.1.3 is the remote address.
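Added example, not part of the original thread: a Python check over trimmed copies of the R1 and R2 configurations posted above. It works out which address each router presents to its peer and whether the other side's set peer and crypto isakmp key ... address lines refer to it. It assumes that, without crypto map ... local-address, IOS uses the address of the interface the crypto map is applied to; the function names parse, identity and mismatches are hypothetical.

```python
import re

# Trimmed from the R1/R2 configs in the post: only the lines this check reads.
R1 = """crypto isakmp key cisco address 22.22.22.22
crypto map mymap local-address Loopback100
set peer 22.22.22.22
interface Loopback100
ip address 11.11.11.11 255.255.255.0
interface Tunnel0
ip address 10.10.10.1 255.255.255.0
crypto map mymap"""
R2 = """crypto isakmp key cisco address 11.11.11.11
crypto map mymap local-address Loopback100
set peer 11.11.11.11
interface Loopback100
ip address 22.22.22.22 255.255.255.0
interface Tunnel0
ip address 10.10.10.2 255.255.255.0
crypto map mymap"""

def parse(cfg):
    """Collect interface addresses, IKE key/peer addresses and crypto-map bindings."""
    info = {"addr": {}, "key": set(), "peer": set(), "local": None, "applied": None}
    iface = None
    for line in map(str.strip, cfg.splitlines()):
        if m := re.match(r"interface (\S+)", line):
            iface = m[1]
        elif (m := re.match(r"ip address (\S+) \S+", line)) and iface:
            info["addr"][iface] = m[1]
        elif m := re.match(r"crypto isakmp key \S+ address (\S+)", line):
            info["key"].add(m[1])
        elif m := re.match(r"set peer (\S+)", line):
            info["peer"].add(m[1])
        elif m := re.match(r"crypto map \S+ local-address (\S+)", line):
            info["local"] = m[1]
        elif re.match(r"crypto map \S+$", line):
            info["applied"] = iface  # bare "crypto map NAME" under an interface
    return info

def identity(info):
    """Address this router presents to its IKE/IPsec peer."""
    # Assumption: local-address interface wins, else the interface carrying the map.
    return info["addr"][info["local"] or info["applied"]]

def mismatches(me, other):
    """Places on the other router where my presented address is not configured."""
    ident = identity(me)
    return [f"{ident} missing from {what}" for what, seen in
            (("set peer", other["peer"]), ("crypto isakmp key", other["key"])) if ident not in seen]
```

With the local-address line removed from R1, the same check reports 10.10.10.1 as absent from both R2's set peer and its pre-shared key entry.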
