Suppose two ERT-805 routers and a VRT-311S are connected as follows:
LAN_A --- ERT-805_1 --- ERT-805_2 --- VRT-311S --- LAN_B
LAN_A is to build a tunnel to LAN_B.
ERT-805_1:
LAN IP: 192.168.0.254/24
WAN IP: 10.0.0.1/30
ERT-805_2:
LAN IP: 192.168.2.254/24
WAN IP: 10.0.0.2/30
VRT-311S:
LAN IP: 192.168.1.254
WAN IP: 192.168.2.253
ERT-805_1 has the following configuration:
ERT805_1# show run
Building configuration ...
service password-encryption
service timestamps debug
!
hostname ERT805_1
!
crypto ipsec transform-set TOVRT esp-3des esp-md5-hmac
description To_VRT311
mode tunnel
initialization-vector size 8
!
crypto map MAP1 1 ipsec-isakmp
description To_VRT311
set transform-set TOVRT
set peer 192.168.2.253
match address 100
!
crypto isakmp policy 1
authentication pre-share
encryption 3des
group 1
hash md5
!
crypto isakmp key 12345678 address 192.168.2.253 255.255.255.0
!
interface fastethernet 0/0
ip address 192.168.0.254 255.255.255.0
!
interface serial 0/0
encapsulation ppp
ip address 10.0.0.1 255.255.255.252
crypto map MAP1
!
interface async 0/0
!
router rip
version 2
network 192.168.0.0
network 10.0.0.0
!
line vty 0 31
!
ip route 192.168.2.0 255.255.255.0 serial 0/0
ip route 192.168.1.0 255.255.255.0 serial 0/0
!
access-list 100 permit ip 192.168.0.0 0.0.0.255 192.168.1.0 0.0.0.255
!
end
ERT805_1#wr
ERT-805_2 is configured as follows:
ERT805_2# show run
Building configuration ...
service password-encryption
service timestamps debug
!
hostname ERT805_2
!
interface fastethernet 0/0
ip address 192.168.2.254 255.255.255.0
!
interface serial 0/0
encapsulation ppp
ip address 10.0.0.2 255.255.255.252
clockrate 2048000
!
interface async 0/0
!
router rip
version 2
network 192.168.2.0
network 10.0.0.0
!
line vty 0 31
!
ip route 192.168.2.0 255.255.255.0 192.168.2.253
ip route 192.168.0.0 255.255.255.0 serial 0/0
!
end
ERT805_2#wr
Third, the VRT-311S is set up as shown in the following two figures.
After saving the three configurations above, ERT-805_1 can build a VPN tunnel to the VRT-311S
whenever there is any activity from LAN_A to LAN_B. The VPN status can be found from VPN Status of the VRT-311 or with the command "sh crypto ipsec sa" from router ERT-805_1.
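
The ERT-805_1 configuration above negotiates 3DES, MD5 and Diffie-Hellman group 1 and uses an eight-digit pre-shared key, all of which are generally considered weak today. The following Python check is an added example (not part of the original article or of any vendor tool) that flags such parameters in a running-config of this style; the sample text is constructed from the lines shown above, and the names audit_ipsec, MIN_PSK_LEN and WEAK_GROUPS are assumptions.

```python
# Constructed sample: crypto lines copied from the ERT805_1 configuration above.
SAMPLE_CONFIG = """\
crypto ipsec transform-set TOVRT esp-3des esp-md5-hmac
mode tunnel
!
crypto isakmp policy 1
authentication pre-share
encryption 3des
group 1
hash md5
!
crypto isakmp key 12345678 address 192.168.2.253 255.255.255.0
"""
MIN_PSK_LEN = 20  # assumed local policy threshold, not a vendor requirement
WEAK_GROUPS = {"1": "768-bit MODP", "2": "1024-bit MODP"}

def audit_ipsec(config):
    """Return (line_number, finding) pairs for weak IKE/IPsec parameters."""
    findings, in_policy = [], False
    for num, raw in enumerate(config.splitlines(), 1):
        words = raw.strip().lower().split()
        head = " ".join(words[:3])
        if not words or words == ["!"]:
            in_policy = False  # "!" closes the current section
        elif head == "crypto isakmp policy":
            in_policy = True
        elif head == "crypto ipsec transform-set":
            for t in words[4:]:
                if t in ("esp-des", "esp-3des"):
                    findings.append((num, f"{t}: 64-bit block cipher (DES family)"))
                if "md5" in t:
                    findings.append((num, f"{t}: MD5-based integrity"))
        elif head == "crypto isakmp key" and len(words) > 3:
            key = words[3]  # checked only; never copied into a finding
            if len(key) < MIN_PSK_LEN or key.isdigit():
                findings.append((num, "pre-shared key is short or digits only"))
        elif in_policy and len(words) == 2:
            name, value = words
            if name == "encryption" and value in ("des", "3des"):
                findings.append((num, f"IKE encryption {value}: 64-bit block cipher"))
            elif name == "hash" and value == "md5":
                findings.append((num, "IKE hash md5: MD5-based integrity"))
            elif name == "group" and value in WEAK_GROUPS:
                findings.append((num, f"IKE DH group {value}: {WEAK_GROUPS[value]}"))
    return findings

if __name__ == "__main__":
    for num, finding in audit_ipsec(SAMPLE_CONFIG):
        print(f"line {num}: {finding}")
```

Whether stronger algorithms are available depends on the firmware of both peers, which this article does not state; any change must be made identically on ERT-805_1 and the VRT-311S.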