R3

en
conf t

hostname R3
ip domain name cisco.com
crypto key generate rsa modulus 2048

int l0
ip address 3.3.3.3 255.255.255.255
no shut

int gi0/1
ip address 10.0.20.1 255.255.255.0
ip ospf priority 254
no shut

int tun0
ip address 192.168.1.2 255.255.255.0
tunnel source gi0/1
tunnel destination 10.0.10.1
tunnel mode gre ip
no shut

router ospf 51
router-id 3.3.3.3
network 192.168.1.2 0.0.0.0 area 0
network 3.3.3.3 0.0.0.0 area 3

ip route 10.0.10.1 255.255.255.255 gi0/1 10.0.20.254

access-list 100 permit gre host 10.0.20.1 host 10.0.10.1

crypto isakmp policy 1
encr aes 256
hash sha512
group 24
authentication pre-share

crypto isakmp key cisco address 10.0.10.1
crypto isakmp keepalive 10 periodic

crypto ipsec transform-set TS1 esp-gcm 256
mode transport

crypto map CMAP 1 ipsec-isakmp
set peer 10.0.10.1
match address 100
set transform-set TS1
exit

int gi0/1
crypto map CMAP


aaa new-model
aaa authentication login default local
aaa authorization console 
username admin secret cisco
enable secret cisco

line con 0
exec-timeout 0 0
logging synchronous
transport preferred none

line vty 0 15
exec-timeout 0 0
logging synchronous
transport preferred none
transport input telnet ssh

logging buffered 40960
service sequence
service timestamp debug datetime localtime msec show-timezone year
service timestamp log datetime localtime msec show-timezone year

end

wr