acl number 3000
rule 3000 permit ip source 172.16.1.0 0.0.0.255 destination 192.168.1.0 0.0.0.25
5
#
ipsec proposal ok
esp authentication-algorithm sha2-512
esp encryption-algorithm aes-256
#
ike proposal 10
encryption-algorithm aes-cbc-256
dh group5
authentication-algorithm md5
prf hmac-md5
#
ike peer site2 v1
exchange-mode aggressive
pre-shared-key simple cisco
ike-proposal 10
remote-address 202.100.100.100
#
ipsec policy ok-policy 10 isakmp
security acl 3000
ike-peer site2
proposal ok
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
ip address 10.10.10.20 255.255.255.0
ipsec policy ok-policy