set zone name y1
set interface "loopback.1" zone "Home"
set interface "loopback.2" zone "Home"
set interface "loopback.3" zone "Home"
set interface ethernet3 ip 200.1.1.2/24
set interface loopback.1 ip 192.168.1.1/24
set interface loopback.2 ip 192.168.2.1/24
set interface loopback.3 ip 192.168.3.1/24
set int tun.1 zone y1
set interface tunnel.1 ip 192.168.100.1/24
set interface ethernet3 ip manageable
set interface loopback.1 ip manageable
set interface loopback.2 ip manageable
set interface loopback.3 ip manageable
set address "Home" "192.168.1.0" 192.168.1.0 255.255.255.0
set address "Home" "192.168.2.0" 192.168.2.0 255.255.255.0
set address "Home" "192.168.3.0" 192.168.3.0 255.255.255.0
set address "y1" "192.168.4.0" 192.168.4.0 255.255.255.0
set address "y1" "192.168.5.0" 192.168.5.0 255.255.255.0
set address "y1" "192.168.6.0" 192.168.6.0 255.255.255.0
set group address "Home" "zongbu"
set group address "Home" "zongbu" add "192.168.1.0"
set group address "Home" "zongbu" add "192.168.2.0"
set group address "Home" "zongbu" add "192.168.3.0"
set group address "y1" "y1-add"
set group address "y1" "y1-add" add "192.168.4.0"
set group address "y1" "y1-add" add "192.168.5.0"
set group address "y1" "y1-add" add "192.168.6.0"
set ike gateway "to-y1" address 200.1.2.2 Main outgoing-interface "ethernet3" preshare "y4KsQRlYNP35xEsFuFCZCauPCCn/qc9NEA==" proposal "pre-g2-3des-md5"
set *** "y1" gateway "to-y1" no-replay tunnel idletime 0 proposal "g2-esp-3des-md5"
set *** "y1" id 0x2 bind interface tunnel.1
set policy id 6 from "Home" to "y1" "zongbu" "y1-add" "ANY" permit
set policy id 5 from "y1" to "Home" "y1-add" "zongbu" "ANY" permit
set router-id 1.1.1.1
set route 0.0.0.0/0 gateway 200.1.1.1
set interface loopback.1 protocol ospf area 0.0.0.0
set interface loopback.1 protocol ospf enable
set interface loopback.2 protocol ospf area 0.0.0.0
set interface loopback.2 protocol ospf enable
set interface loopback.3 protocol ospf area 0.0.0.0
set interface loopback.3 protocol ospf enable
set interface tunnel.1 protocol ospf area 0.0.0.0
set interface tunnel.1 protocol ospf enable
crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp key cisco address 200.1.1.2
!
!
crypto ipsec transform-set cisco esp-3des esp-md5-hmac
!
crypto ipsec profile ipsecprof
set transform-set cisco
!
interface Loopback0
ip address 192.168.4.1 255.255.255.0
ip ospf 110 area 0
!
interface Loopback1
ip address 192.168.5.1 255.255.255.0
ip ospf 110 area 0
!
interface Loopback2
ip address 192.168.6.1 255.255.255.0
ip ospf 110 area 0
!
interface Tunnel0
ip address 192.168.100.2 255.255.255.0
ip ospf 110 area 0
tunnel source 200.1.2.2
tunnel destination 200.1.1.2
tunnel mode ipsec ipv4
tunnel protection ipsec profile ipsecprof
!
interface Ethernet0/0
ip address 200.1.2.2 255.255.255.0
router ospf 110
log-adjacency-changes
ip route 0.0.0.0 0.0.0.0 200.1.2.1
