[eNSP]GRE over IPSec（对GRE通道进行加密）

首先要打通GRE通道：
具体见本人文章：[eNSP]建立GRE通道
然后：

2、创建IKE提议
[AR 1]ike proposal 1     # 创建IKE提议
[AR 1-ike-proposal-1]encryption-algorithm 3des-cbc     # 指定加密算法
[AR 1-ike-proposal-1]authentication-algorithm md5     # 认证算法
[AR 3]ike proposal 1     # 创建IKE提议
[AR 3-ike-proposal-1]encryption-algorithm 3des-cbc     # 指定加密算法
[AR 3-ike-proposal-1]authentication-algorithm md5     # 认证算法

3、配置IKE对等体
[AR 1]ike peer number v2     # 创建number的对等体
[AR 1-ike-peer-numberone]pre-shared-key simple 5201314     # 共享密钥
[AR 1-ike-peer-numberone]ike-proposal 1
[AR 3]ike peer number v2     # 创建number的对等体
[AR 3-ike-peer-numberone]pre-shared-key simple 5201314     # 共享密钥
[AR 3-ike-peer-numberone]ike-proposal 1

4、配置IPSec提议
[AR 1]ipsec proposal 1
[AR 1-ipsec-proposal-1]esp encryption-algorithm 3des     # esp的加密算法
[AR 3]ipsec proposal 1
[AR 3-ipsec-proposal-1]esp encryption-algorithm 3des     # esp的加密算法

5、配置IPSec文件
[AR 1]ipsec profile gre
[AR 1-ipsec-profile-gre]ike-peer number
[AR 1-ipsec-profile-gre]proposal 1
[AR 3]ipsec profile gre
[AR 3-ipsec-profile-gre]ike-peer number
[AR 3-ipsec-profile-gre]proposal 1

6、对GRE隧道进行保护
[AR 1]interface Tunnel 0/0/0
[AR 1-Tunnel0/0/0]description XXXXX     # XXXXX可以自定义
[AR 1-Tunnel0/0/0]tunnel-protocol gre
[AR 1-Tunnel0/0/0]source 200.1.1.1
[AR 1-Tunnel0/0/0]destination 200.2.2.2
[AR 1-Tunnel0/0/0]ipsec profile gre     # 对GRE隧道进行保护
[AR 3]interface Tunnel 0/0/0
[AR 3-Tunnel0/0/0]description XXXXX
[AR 3-Tunnel0/0/0]tunnel-protocol gre
[AR 3-Tunnel0/0/0]source 200.2.2.2
[AR 3-Tunnel0/0/0]destination 200.1.1.1
[AR 3-Tunnel0/0/0]ipsec profile gre     # 对GRE隧道进行保护

最后用PC1去pingPC2的抓包效果图：

但是PC1的命令行显示时这样的：

命令行显示的是“Request timeout !”是正常现象，抓包可以抓到ISAKMP