1. Define the flow of interest
[r1]acl number 3000
[r1-acl-adv-3000] rule 5 permit ip source 1.1.1.0 0.0.0.255 destination 3.3.3.0 0.0.0.255
[r1-acl-adv-3000] quit
2, ike placement
[r1]ike proposal 1
[r1-ike-proposal-1] encryption-algorithm 3des-cbc
[r1-ike-proposal-1] authentication-algorithm md5
[r1-ike-proposal-1] quit
[r1]ike peer r3 v1
[r1-ike-peer-r3]pre-shared-key simple huawei (set the negotiation key, both ends need to be consistent)
[r1-ike-peer-r3]ike-proposal 1 (call just Ike configuration)
[r1-ike-peer-r3]remote-address 200.1.1.3 (peer *** gateway public network interface address)
3. IPsec configuration
[r1]ipsec proposal 1
[r1-ipsec-proposal-1] transform ah (set encapsulation protocol)
[r1]ipsec policy L 10 isakmp (L is a custom name, 10 is a custom serial number, isakmp uses ike to establish ipsec SA)
[r1-ipsec-policy-isakmp-L-10] security acl 3000 (call Acl above)
[r1-ipsec-policy-isakmp-L-10] ike-peer r3 (call the ike peer above)
[r1-ipsec-policy-isakmp-L-10] proposal 1 (call the ipsec configuration just now)
4. Interface call strategy
[r1]interface GigabitEthernet0/0/0 (the public network interface of the device)
[r1-GigabitEthernet0/0/0] ipsec policy L (call the above policy)