Configuration template:
interface e0/0
nameif inside
security-level 100
ip address xxxx 255.255.255.0 (modified within the local network IP and mask)
!
interface e0/1
nameif outside
security-level 0
ip address xxxx 255.255.255.248 (modified to local public network IP address and mask)
!
interface Ethernet0/2
!
interface Ethernet0/3
!
access-list 101 extended permit ip xxxx 255.255.255.0 xx0.0 255.255.0.0 (modified to local network IP address and mask)
route outside 0.0.0.0 0.0.0.0 xxxx (modified to local public network gateway)
crypto ipsec transform-set name 1 esp-3des esp-md5-hmac (defined character set)
crypto map test 1 match address 101 (interest flow defined)
crypto map test 1 set peer xxxx (distal public IP)
crypto map test 1 set transform-set 名称1
crypto map test interface outside (interface call strategy)
crypto isakmp enable outside (open IKE negotiation)
crypto isakmp policy 10 (IKE security policy)
authentication pre-share
encryption des
hash md5
group 2
lifetime 86400
!
Form tunnel-group xxxx type ipsec-l2l // define ××× to peer
tunnel-group xxxx ipsec-attributes // enter ipsec - the attribute configuration ***
pre-shared-key xxx authentication key
Reproduced in: https: //blog.51cto.com/livetony/2407689