问
你好。当我从主机 192.168.11.0/24 到服务器 10.0.0.0/24 进行跟踪路由时,即站点 B。当数据包进入公共区域时,它会显示Request timed out(如图所示)。顺便说一句,我正在使用 IPSec 协议。谢谢你... 
网络图。
KCP 1(站点 A)会议
Current configuration : 1284 bytes
!
version 15.1
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname KCP1
!
!
!
!
!
!
!
!
ip cef
no ipv6 cef
!
!
!
!
license udi pid CISCO2911/K9 sn FTX1524EEWL-
license boot module c2900 technology-package securityk9
!
!
!
crypto isakmp policy 1
encr 3des
hash md5
authentication pre-share
group 2
!
crypto isakmp key bjj address 209.165.100.1
!
!
!
crypto ipsec transform-set TS esp-3des esp-md5-hmac
!
crypto map bjjtunnel 1 ipsec-isakmp
set peer 209.165.100.1
set transform-set TS
match address vpn-ke-bjjpusat
!
!
!
!
!
!
spanning-tree mode pvst
!
!
!
!
!
!
interface GigabitEthernet0/0
ip address 209.165.101.1 255.255.255.248
duplex auto
speed auto
crypto map bjjtunnel
!
interface GigabitEthernet0/1
ip address 192.168.11.1 255.255.255.0
duplex auto
speed auto
!
interface GigabitEthernet0/2
no ip address
duplex auto
speed auto
shutdown
!
interface Vlan1
no ip address
shutdown
!
ip classless
ip route 0.0.0.0 0.0.0.0 209.165.101.2
!
ip flow-export version 9
!
!
ip access-list extended vpn-ke-bjjpusat
permit ip 192.168.11.0 0.0.0.255 192.168.10.0 0.0.0.255
permit ip 192.168.11.0 0.0.0.255 10.0.0.0 0.0.0.255
!
!
!
!
!
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
!
!
end
BJJPUSAT(站点 B)会议
Current configuration : 1290 bytes
!
version 15.1
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname BJJPUSAT
!
!
!
!
!
!
!
!
ip cef
no ipv6 cef
!
!
!
!
license udi pid CISCO2911/K9 sn FTX1524I08N-
license boot module c2900 technology-package securityk9
!
!
!
crypto isakmp policy 1
encr 3des
hash md5
authentication pre-share
group 2
!
crypto isakmp key bjj address 209.165.101.1
!
!
!
crypto ipsec transform-set TS esp-3des esp-md5-hmac
!
crypto map bjjtunnel 1 ipsec-isakmp
set peer 209.165.101.1
set transform-set TS
match address vpn-ke-kcp1
!
!
!
!
!
!
spanning-tree mode pvst
!
!
!
!
!
!
interface GigabitEthernet0/0
ip address 209.165.100.1 255.255.255.248
duplex auto
speed auto
crypto map bjjtunnel
!
interface GigabitEthernet0/1
ip address 192.168.10.1 255.255.255.0
duplex auto
speed auto
!
interface GigabitEthernet0/2
ip address 10.0.0.1 255.255.255.0
duplex auto
speed auto
!
interface Vlan1
no ip address
shutdown
!
ip classless
ip route 0.0.0.0 0.0.0.0 209.165.100.2
!
ip flow-export version 9
!
!
ip access-list extended vpn-ke-kcp1
permit ip 192.168.10.0 0.0.0.255 192.168.11.0 0.0.0.255
permit ip 10.0.0.0 0.0.0.255 192.168.11.0 0.0.0.255
!
!
!
!
!
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
!
!
end