Experiment content of Dynamic IPsec VPN in a star network: 1. Create a fully interconnected topology. 2. Take R1 as the center, so that R2 and R3 establish a neighbor relationship with R1 respectively, while the routes between R2 and R3 are not reachable. 3. Create a Dynamic IPsec VPN R1 # show run !! Crypto isakmp policy 100 hash md5 authentication pre-share group 2 lifetime 3600 crypto isakmp key ilovetg address 192.168.123.3crypto isakmp key ilovetg2008 address 192.168.123.2 !! Crypto ipsec transform-set sun1 ah-md5-hmac esp-des esp-md5-hmac comp-lzs! Crypto dynamic-map sun123 10 set security-association lifetime kilobytes 102400 set transform-set sun1 set pfs group2 match address VPN !! Crypto map sun1 100 ipsec-isakmp dynamic sun123! Interface Loopback1 ip address 1.1.1.1 255.255.0! Interface FastEthernet0/0 ip address 192.168.123.1 255.255.255.0 duplex auto speed auto crypto map sun1 !! Router VPN 100 passive-interface Loopback1 network 1.1.1.1 0.0.0.0 network 192.168.123.1 0.0.0.0 no auto-summary neighbor 192.168.123.3 FastEthernet0/0 neighbor 192.168.123.2 FastEthernet0/0 !! Ip access-list extended VPN permit tcp host 1.1.1.1 host 2.2.2.2 permit tcp host 1.1.1.1 host 3.3.3.3 permit ip host 1.1.1.1 host 2.2.2.2 permit ip host 1.1.1.1 host 3.3.3.3 !! EndR2 # show run! Crypto isakmp policy 100 hash md5 authentication pre-share group 2 lifetime 3600 crypto isakmp key ilovetg2008 address 192.168.123.1!! Crypto ipsec transform-set sun2 ah-md5-hmac esp-des esp-md5-hmac comp-lzs! Crypto map sun2 10 ipsec-isakmp set peer 192.168.123.1 set security-association lifetime kilobytes 102400 set transform-set sun2 set pfs group2 match address VPN !! Interface Loopback2 ip address 2.2.2.2 255.255.255.0! Interface FastEthernet0/0 ip address 192.168.123.2 255.255.0 duplex auto speed auto crypto map sun2 !! Router VPN 100 passive-interface Loopback2 network 2.2.2.2 0.0.0.0 network 192.168.123.2 0.0.0.0 no auto-summary neighbor 192.168.123.1 FastEthernet0/0 !! Ip access-list extended VPN permit tcp host 2.2.2.2 host 1.1.1.1 permit ip host 2.2.2.2 host 1.1.1.1 !! End R3 # show run! Crypto isakmp policy 100 hash md5 authentication pre-share group 2 lifetime 3600 crypto isakmp key ilovetg address 192.168.123.1!! Crypto ipsec transform-set sun3 ah-md5-hmac esp-des esp-md5-hmac comp-lzs! Crypto map sun3 10 ipsec-isakmp set peer 192.168.123.1 set security-association lifetime kilobytes 102400 set transform-set sun3 set pfs group2 match address VPN !! Interface Loopback3 ip address 3.3.3.3 255.255.255.0! Interface FastEthernet0/0 ip address 192.168.123.3 255.255.0 duplex auto speed auto crypto map sun3 !! Router VPN 100 network 3.3.3.3 0.0.0.0 network 192.168.123.3 0.0.0.0 no auto-summary neighbor 192.168.123.1 FastEthernet0/0 !! Ip access-list extended VPN permit tcp host 3.3.3.3 host 1.1.1.1 permit ip host 3.3.3.3 host 1.1.1.1 !! EndR1 # show crypto isakmp sadst src state conn-id slot 192.168.123.2 QM_IDLE 1 0 ACTIVE192.168.123.1 192.168.123.3 running 2 0 ACTIVER2 # show cry isa sadst src state conn-id slot starting 192.168.123.2 running 1 0 ACTIVER3 # show cry isakmp sadst src state conn-id slot status192.168.123.1 192.168.123.3 QM_IDLE 1 0 ACTIVE