Good morning teachers, cisco and the export of China, three are PPPOE on the Internet, on both sides of the configuration DDNS, cisco's dynamic domain is: wnet.f3322.net, China three is: genyo.f3322.net, but build up of VPN, please the teacher guidance, the configuration is as follows:
cisco configuration
Crypto isakmp policy 10
Encr 3 des
Hash md5
The authentication pre - share
Group 2

Crypto isakmp key abc12345 hostname genyo.f3322.net
Crypto isakmp key abc12345 hostname H3C

Crypto isakmp identity hostname
Crypto ipsec esp transform - set Small_Office esp - 3 des - md5 - hmac
Mode tunnel
Crypto map Small_Office 10 ipsec - isakmp
! Incomplete
Set dynamic peer genyo.f3322.net
Set the transform - set Small_Office
The set PFS group2
Match the address VPN

Crypto map Small_Office


Extended IP VPN access list
10 the permit IP 192.168.10.0 0.0.0.255 192.168.0.0 0.0.0.255 (24 matches)
20 permit IP 192.168.15.0 0.0.0.255 192.168.0.0 0.0.0.255 (24 matches)

-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
Three configuration China

Ike proposal 10
Encryption - 3 des algorithm - CBC
Dh group2
Authentication - algorithm md5

#
Ike keychain home
The pre - Shared - key hostname wnet.f3322.net key cipher $c $3 $Cj8N + YWdi85qZ9UCdECLU

Ike identity FQDN H3C
#
Ike profile home
Keychain home
Exchange - mode aggressive
Local - identity FQDN H3C
Match the remote identity FQDN CISCO2911_Router
Proposal 10
Ipsec transform - set home
Esp encryption - 3 des algorithm - CBC
Esp authentication algorithm md5 -
#
Ipsec policy - the template 1 1
The transform - set home
Security acl 3000
Ike - profile home
#
Ipsec policy home 1 isakmp template 1


The acl advanced 3000
Rule 0 permit IP source 192.168.0.0 0.0.0.255 destination 192.168.15.0 0.0.0.255
#