【答案解析】crypto isakmp policy 1 //配置IKE策略1 authentication pre-share //IKE策略1的验证方法设为pre_share group 2 //加密算法未设置则取默认值：DES crypto isakmp key test123 address 202.96.1.2 //设置pre-share密钥为test123，此值两端需一致 crypto ipsec transform-set VPNtag ah-md5-hmac esp-des //设置AH散列算法为md5，ESP加密算法为DES crypto map VPNdemp 10 ipsec-isakmp //定义crypto map set peer 202.96.1.2 //设置隧道对端IP地址 set transform-set VPNtag //设置隧道AH及ESP match address 101 ! interface Tunne10 //定义隧道接口 ip address 192.168.1.1 255.255.255.0 //隧道端口IP地址 no ip directed-broadcast tunnel source 202.96.1.1 //隧道源端地址 tunnel destination 202.96.1.2 //隧道目标端地址 crypto map VPNdemo //应用VPNdemo于此接口 interface sefial0/0 ip address 202.96.1.1 255.255.255.252 //串口的internet IP地址 no ip directed-broadcast crypto map VPNdemo //应用VPNdemo于此端口 ! interface Ethernet0/1 ip address 168.1.1.1 255.255.255.0 //外部端口IP地址 no ip directd-broadcast interface Ethernet0/0 ip address 172.22.1.100 255.255.255.0 //内部端口IP地址 no ip directed-broadcast ! ip classless ip route 0.0.0.0 0.0.0.0 202.96.1.2 //默认静态路由 ip route 172.22.2.0 255.255.0.0 192.168.1.2 //到内网静态路由(经过隧道) access-lost 101 permit gre host 202.96.1.1 host 202.96.1.2 //定义访问控制列表