IPSec VPN 主模式固定地址求模板，或者具体配置

参考配置：
--10.1.1.1-VPN1-202.0.0.1-----------------202.0.0.2-VPN2-10.2.2.1--

vpn1：
#
sysname vpn1
#
interface LoopBack0
ip address 10.1.1.1 255.255.255.255
#
acl advanced 3000
rule 0 permit ip source 10.1.1.0 0.0.0.255 destination 10.2.2.0 0.0.0.255
#
ipsec transform-set 1
esp encryption-algorithm 3des-cbc
esp authentication-algorithm sha1
#
ike keychain 1
pre-shared-key address 202.0.0.2 255.255.255.0 key simple 123
#
ike proposal 1
#
ike profile 1
keychain 1
local-identity address 202.0.0.1
match remote identity address 202.0.0.2 255.255.255.0
proposal 1
#
ipsec policy vpn 1 isakmp
transform-set 1
security acl 3000
remote-address 202.0.0.2
ike-profile 1
#
interface GigabitEthernet0/0
ip address 202.0.0.1 255.255.255.0
ipsec apply policy vpn
#
ip route-static 0.0.0.0 0 202.0.0.2
#

vpn2:
#
sysname vpn2
#
interface LoopBack0
ip address 10.2.2.1 255.255.255.255
#
acl advanced 3000
rule 0 permit ip source 10.2.2.0 0.0.0.255 destination 10.1.1.0 0.0.0.255
#
ipsec transform-set 1
esp encryption-algorithm 3des-cbc
esp authentication-algorithm sha1
#
ike keychain 1
pre-shared-key address 202.0.0.1 255.255.255.0 key simple 123
#
ike proposal 1
#
ike profile 1
keychain 1
local-identity address 202.0.0.2
match remote identity address 202.0.0.1 255.255.255.0
proposal 1
#
ipsec policy vpn 1 isakmp
transform-set 1
security acl 3000
remote-address 202.0.0.1
ike-profile 1
#
interface GigabitEthernet0/0
ip address 202.0.0.2 255.255.255.0
ipsec apply policy vpn
#
ip route-static 0.0.0.0 0 202.0.0.1
#

测试：
<VPN2>ping -a 10.2.2.1 10.1.1.1

[vpn1]dis ike proposal
Priority Authentication Authentication Encryption Diffie-Hellman Duration
method algorithm algorithm group (seconds)

<VPN1>ping -a 10.1.1.1 10.2.2.1
Ping 10.2.2.1 (10.2.2.1) from 10.1.1.1: 56 data bytes, press CTRL_C to break
Request time out
56 bytes from 10.2.2.1: icmp_seq=1 ttl=255 time=2.000 ms
56 bytes from 10.2.2.1: icmp_seq=2 ttl=255 time=1.000 ms