R1

en
conf t

hostname R1
ip domain name cisco.com
crypto key generate rsa modulus 2048

int l0
ip address 1.1.1.1 255.255.255.255
no shut

int gi0/0
ip address 10.0.10.1 255.255.255.0
ip ospf priority 255
no shut

int tun0
ip address 192.168.1.1 255.255.255.0
tunnel source gi0/0
tunnel destination 10.0.20.1
tunnel mode gre ip
no shut

router ospf 51
router-id 1.1.1.1
network 192.168.1.1 0.0.0.0 area 0
network 1.1.1.1 0.0.0.0 area 1

ip route 10.0.20.1 255.255.255.255 gi0/0 10.0.10.254

access-list 100 permit gre host 10.0.10.1 host 10.0.20.1

crypto isakmp policy 1
encr aes 256
hash sha512
group 24
authentication pre-share

crypto isakmp key cisco address 10.0.20.1
crypto isakmp keepalive 10 periodic

crypto ipsec transform-set TS1 esp-gcm 256
mode transport

crypto map CMAP 1 ipsec-isakmp
set peer 10.0.20.1
match address 100
set transform-set TS1
exit

int gi0/0
crypto map CMAP

aaa new-model
aaa authentication login default local
aaa authorization console 
username admin secret cisco
enable secret cisco

line con 0
exec-timeout 0 0
logging synchronous
transport preferred none

line vty 0 15
exec-timeout 0 0
logging synchronous
transport preferred none
transport input telnet ssh

logging buffered 40960
service sequence
service timestamp debug datetime localtime msec show-timezone year
service timestamp log datetime localtime msec show-timezone year

end

wr