1. 东海:
    2. ipsec transform-set csvpn
    3.  esp encryption-algorithm 3des-cbc 
    4.  esp authentication-algorithm md5 
    6. ike proposal 1
    7.  encryption-algorithm 3des-cbc
    8.  dh group2
    9.  authentication-algorithm md5
    12. ike keychain csvpn
    13.  pre-shared-key hostname CS key sim Admin@1234
    16. ike profile csvpn
    17.  keychain csvpn
    18.  exchange-mode aggressive
    19.  local-identity fqdn dh
    20.  match remote identity fqdn CS
    21.  proposal 1 
    25. ipsec policy-template temp 12
    26.  transform-set csvpn 
    27.  ike-profile csvpn
    28.  sa duration time-based 3600
    31. ipsec policy policy1 50 isakmp template temp
    36. 长沙:
    37. acl number 3000
    38.  description nat 
    39.  rule 10 deny ip source 192.168.110.0 0.0.0.255 destination 10.10.100.0 0.0.0.255
    40.  rule 20 deny ip source 192.168.110.0 0.0.0.255 destination 192.168.45.0 0.0.0.255
    43. acl number 3001
    44.  description peer_dh
    45.  rule 10 permit ip source 192.168.110.0 0.0.0.255 destination 192.168.45.0 0.0.0.255
    46.  rule 20 permit ip source 192.168.110.0 0.0.0.255 destination 10.10.100.0 0.0.0.255
    47. #
    50. ike proposal 1
    51.  encryption-algorithm 3des-cbc
    52.  dh group2
    53.  authentication-algorithm md5
    55. ike keychain dhvpn
    56.  match local address Dialer0
    57.  pre-shared-key address 183.63.71.66 255.255.255.255 key sim Admin@1234
    58.  pre-shared-key hostname dh key sim Admin@1234
    62. ike profile dhvpn
    63.  keychain dhvpn
    64.  exchange-mode aggressive
    65.  local-identity fqdn CS
    66.  match remote identity fqdn dh
    67.  proposal 1 
    70. ipsec policy policy1 10 isakmp
    71.  transform-set dhvpn 
    72.  security acl 3001 
    73.  remote-address 183.63.71.66 
    74.  ike-profile dhvpn
    75.  sa duration time-based 3600
    77. ipsec transform-set dhvpn
    78.  esp encryption-algorithm 3des-cbc 
    79.  esp authentication-algorithm md5