需求：站点后网络互通，中间有tunnel隧道，并且进行加密，tunnel上有路由协议--ospf

站点1：

hostname R1

crypto isakmp policy 10
 authentication pre-share
crypto isakmp key cisco address 192.168.1.2
!
!
crypto ipsec transform-set cisco esp-des esp-md5-hmac
!
crypto map cisco 10 ipsec-isakmp
 set peer 192.168.1.2
 set transform-set cisco
 match address vpn

interface Loopback0
 ip address 1.1.1.1 255.255.255.255
!
interface Loopback1
 ip address 2.2.2.2 255.255.255.255
!
interface Loopback2
 ip address 3.3.3.3 255.255.255.255
!
interface Tunnel0
 ip address 10.1.1.1 255.255.255.0
 tunnel source Ethernet0/0
 tunnel destination 192.168.1.2
!        
interface Ethernet0/0
 ip address 192.168.1.1 255.255.255.0
 full-duplex
 crypto map cisco

router ospf 1
 log-adjacency-changes
 network 1.1.1.1 0.0.0.0 area 0
 network 2.2.2.2 0.0.0.0 area 0
 network 3.3.3.3 0.0.0.0 area 0
 network 10.1.1.0 0.0.0.255 area 0
!
ip http server
no ip http secure-server

ip access-list extended vpn
 permit gre host 192.168.1.1 host 192.168.1.2

站点2：

hostname R2

 crypto isakmp policy 10
 authentication pre-share
crypto isakmp key cisco address 192.168.1.1
!
!
crypto ipsec transform-set cisco esp-des esp-md5-hmac
!
crypto map cisco 10 ipsec-isakmp
 set peer 192.168.1.1
 set transform-set cisco
 match address vpn

interface Loopback0
 ip address 4.4.4.4 255.255.255.255
!
interface Loopback1
 ip address 5.5.5.5 255.255.255.255
!
interface Loopback5
 ip address 6.6.6.6 255.255.255.255
!
interface Loopback7
 ip address 7.7.7.7 255.255.255.255
!
interface Tunnel0
 ip address 10.1.1.2 255.255.255.0
 tunnel source Ethernet0/0
 tunnel destination 192.168.1.1
!
interface Ethernet0/0
 ip address 192.168.1.2 255.255.255.0
 full-duplex
 crypto map cisco

!
router ospf 1
 log-adjacency-changes
 network 4.4.4.4 0.0.0.0 area 0
 network 5.5.5.5 0.0.0.0 area 0
 network 6.6.6.6 0.0.0.0 area 0
 network 10.1.1.0 0.0.0.255 area 0
!
ip http server
no ip http secure-server
!

ip access-list extended vpn
 permit gre host 192.168.1.2 host 192.168.1.1