=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2019.06.07 20:27:18 =~=~=~=~=~=~=~=~=~=~=~=
#
 version 7.1.049, Release 0106P31
#
 sysname IKE-Branch-R01
#
 clock protocol none
#
 undo copyright-info enable
interface GigabitEthernet0/0
 port link-mode route
 combo enable copper
 ip address 192.168.1.4 255.255.255.0
 ipsec apply policy IKE
interface GigabitEthernet0/2
 port link-mode route
#
interface Tunnel0 mode gre
 description to R1
 mtu 1560
 ip address 1.1.1.25 255.255.255.254
 source 192.168.1.4
 destination 192.168.1.1
 keepalive 3 3
#
acl number 3400
 description GRE to R1
 rule 0 permit ip source 1.1.1.25 0 destination 1.1.1.3 0
 rule 20 permit gre source 192.168.1.4 0 destination 192.168.1.1 0
#
pki domain IKE2
 ca identifier DCIKEPRD-CA1-CA
 certificate request url http://192.168.30.30/certsrv/mscep/mscep.dll
 certificate request from ra
 certificate request entity IKE2-r1
 public-key rsa general name IKE-r1
 crl url http://192.168.30.30/certenroll/DCIKEPRD-CA1-CA(1).crl
 undo crl check enable
#
pki entity IKE2-r1
 common-name Agency-R1
 ip 192.168.1.4
#
 ftp server enable
#
 undo ipsec anti-replay check
#
ipsec transform-set trans1
 esp encryption-algorithm aes-cbc-256
 esp authentication-algorithm sha1
#
ipsec policy IKE 1 isakmp
 transform-set trans1
 security acl 3400
 remote-address 192.168.1.1
 ike-profile 1
#
ike profile 1
 certificate domain Branch
 local-identity address 192.168.1.4
 match remote identity address 192.168.1.1 255.255.255.255
 proposal 2
#
ike proposal 1
 authentication-method rsa-signature
 dh group5
#
ike proposal 2
 authentication-method rsa-signature
 encryption-algorithm aes-cbc-256
 dh group14
#
return