//Define the interesting traffic with an ACL
access-list outside_cryptomap extended permit ip SOURCE IP DESTINATION IP
//Enable ISAKMP on the outside interface
crypto isakmp enable outside
//Configure the phase 1 negotiation parameters
crypto isakmp policy 10
authentication pre-share
encryption des
hash md5
group 2
lifetime 86400
//Create the IPsec transform sets
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
//Create the IPsec crypto map
crypto map outside_map0 1 match address outside_cryptomap
//Specify the peer's public IP address
crypto map outside_map0 1 set peer 10.32.184.204
//Attach the IPsec transform sets to the crypto map
crypto map outside_map0 1 set transform-set ESP-DES-SHA ESP-DES-MD5
//Configure the *** type
tunnel-group PEER IP type ipsec-l2l
tunnel-group PEER IP ipsec-attributes
//Configure the pre-shared key
pre-shared-key CISCO
//Apply the crypto map to the interface
crypto map outside_map0 interface outside
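
The configuration above selects DES, MD5 and DH group 2 for phase 1, DES-based transform sets for phase 2, and a five-character pre-shared key. The following is an added example, not part of the original page: a small offline audit that reports those settings by line number. The names `audit`, `WEAK_P1`, `WEAK_P2` and `MIN_PSK_LEN`, and the choice of which values to flag, are assumptions of this example; it also accepts the `crypto ikev1` spelling used by newer ASA releases.

```python
import re

WEAK_P1 = {("encryption", "des"): "56-bit DES", ("encryption", "3des"): "3DES",
           ("hash", "md5"): "MD5", ("group", "1"): "DH group 1 (768-bit MODP)",
           ("group", "2"): "DH group 2 (1024-bit MODP)",
           ("group", "5"): "DH group 5 (1536-bit MODP)"}
WEAK_P2 = {"esp-des": "56-bit DES", "esp-3des": "3DES",
           "esp-md5-hmac": "HMAC-MD5", "esp-null": "no encryption"}
POLICY_KEYS = {"authentication", "encryption", "hash", "group", "lifetime"}
MIN_PSK_LEN = 20  # assumed floor; the "weak" tables are this example's choice too

def audit(config):
    """Return (line_number, message) findings for an ASA-style config text."""
    findings, in_policy = [], False
    for n, raw in enumerate(config.splitlines(), 1):
        words = raw.split()
        if not words or words[0].startswith(("//", "!")):
            continue  # blank line or annotation
        line = " ".join(words)
        if re.match(r"crypto (isakmp|ikev1) policy \d+$", line):
            in_policy = True
        elif in_policy and words[0] in POLICY_KEYS:
            if tuple(words) in WEAK_P1:
                findings.append((n, "IKE phase 1: " + WEAK_P1[tuple(words)]))
        else:
            in_policy = False  # any other command ends the policy block
            m = re.match(r"crypto ipsec (?:ikev1 )?transform-set (\S+) (.+)", line)
            if m:
                findings += [(n, f"transform-set {m.group(1)}: {WEAK_P2[t]}")
                             for t in m.group(2).split() if t in WEAK_P2]
            elif words[0] == "pre-shared-key" and len(words) > 1 and len(words[1]) < MIN_PSK_LEN:
                findings.append((n, f"pre-shared key shorter than {MIN_PSK_LEN} characters"))
    return findings

# Sample input: the page's phase 1, transform-set and key lines, embedded inline.
SAMPLE = """\
crypto isakmp policy 10
authentication pre-share
encryption des
hash md5
group 2
lifetime 86400
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
pre-shared-key CISCO
"""

if __name__ == "__main__":
    for line_no, message in audit(SAMPLE):
        print(f"line {line_no}: {message}")
```

The key value itself is never echoed in a finding, so the report can be shared without exposing the secret.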