A beginner has a small question and hopes to get an answer from the veterans!!!

Note: the PC and the server are simulated with DY routers.

Implementing IPSec ××× on ASA firewalls

The configuration is as follows:

ASA1:

en
conf t
host asa1
int e0/0
nameif inside
sec 100
ip add 172.16.10.254 255.255.255.0
no shutdown
exit
int e0/1
nameif outside
sec 0
ip add 100.0.0.1 255.255.255.252
no sh
exit
crypto isakmp enable outside
crypto isakmp policy 1
encryption aes
hash sha
authentication pre-share
group 2
exit
isakmp key benet address 100.0.0.2

access-list yf*** extended permit ip 172.16.10.0 255.255.255.0 10.10.33.0 255.255.255.0
access-list yf*** extended permit icmp 172.16.10.0 255.255.255.0 10.10.33.0 255.255.255.0
crypto ipsec transform-set benet-set esp-aes esp-sha-hmac
crypto map benet-map 1 match address yf***
crypto map benet-map 1 set peer 100.0.0.2
crypto map benet-map 1 set transform-set benet-set

crypto map benet-map interface outside
route outside 0 0 100.0.0.2
exit

ASA2:

en

conf t
host asa2
int e0/1
nameif inside
sec 100
ip add 10.10.33.254 255.255.255.0
no shutdown
exit
int e0/0
nameif outside
sec 0
ip add 100.0.0.2 255.255.255.252
no sh
exit
crypto isakmp enable outside
crypto isakmp policy 1
encryption aes
hash sha
authentication pre-share
group 2
exit
isakmp key benet address 100.0.0.1

access-list yf*** extended permit ip 10.10.33.0 255.255.255.0 172.16.10.0 255.255.255.0
access-list yf*** extended permit icmp 10.10.33.0 255.255.255.0 172.16.10.0 255.255.255.0
crypto ipsec transform-set benet-set esp-aes esp-sha-hmac
crypto map benet-map 1 match address yf***
crypto map benet-map 1 set peer 100.0.0.1
crypto map benet-map 1 set transform-set benet-set

crypto map benet-map interface outside


route outside 0 0 100.0.0.1
exit

--------------------------------

R1 (PC):

en
int f0/0
ip add 172.16.10.1 255.255.255.0
no sh
exit
no ip routing

R2 (server):

en
int f0/0
ip add 10.10.33.1 255.255.255.0
no sh
exit
no ip routing

---------------------------------

Even pinging 100.0.0.1 on the ASA from R1 does not work. Where is the problem?
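
Added example, not part of the original post: a Python check that the two ASA configurations above mirror each other on the points a site-to-site tunnel depends on (peer address, pre-shared key and its peer, transform set, crypto ACL). The function names `parse` and `mismatches` are hypothetical; the config lines are taken from the post.

```python
import re

# Tunnel-related lines copied from the post; the ACL name is masked (yf***) on the page.
ASA1 = """\
nameif outside
ip add 100.0.0.1 255.255.255.252
isakmp key benet address 100.0.0.2
access-list yf*** extended permit ip 172.16.10.0 255.255.255.0 10.10.33.0 255.255.255.0
access-list yf*** extended permit icmp 172.16.10.0 255.255.255.0 10.10.33.0 255.255.255.0
crypto ipsec transform-set benet-set esp-aes esp-sha-hmac
crypto map benet-map 1 set peer 100.0.0.2
"""
ASA2 = """\
nameif outside
ip add 100.0.0.2 255.255.255.252
isakmp key benet address 100.0.0.1
access-list yf*** extended permit ip 10.10.33.0 255.255.255.0 172.16.10.0 255.255.255.0
access-list yf*** extended permit icmp 10.10.33.0 255.255.255.0 172.16.10.0 255.255.255.0
crypto ipsec transform-set benet-set esp-aes esp-sha-hmac
crypto map benet-map 1 set peer 100.0.0.1
"""

def parse(cfg):
    """Extract the settings both peers must agree on (raises if a line is missing)."""
    find = lambda pat: re.search(pat, cfg, re.M).groups()
    return {
        "outside": find(r"^nameif outside\n(?:.*\n)*?ip add (\S+)")[0],
        "psk": find(r"^isakmp key (\S+) address (\S+)"),  # (key, peer address)
        "peer": find(r"set peer (\S+)")[0],
        "transform": find(r"^crypto ipsec transform-set \S+ (.+)$")[0].split(),
        "acl": re.findall(r"^access-list \S+ extended permit (\S+) +(\S+ \S+) +(\S+ \S+)", cfg, re.M),
    }

def mismatches(cfg_a, cfg_b):
    """Return the names of the checks on which the two peers disagree."""
    a, b = parse(cfg_a), parse(cfg_b)
    checks = {
        "peer": (a["peer"], b["peer"]) == (b["outside"], a["outside"]),
        "psk": a["psk"] == (b["psk"][0], b["outside"]) and b["psk"][1] == a["outside"],
        "transform": a["transform"] == b["transform"],
        # Each side's crypto ACL must be the other's with source and destination swapped.
        "acl": {(p, d, s) for p, s, d in a["acl"]} == set(b["acl"]),
    }
    return [name for name, ok in checks.items() if not ok]
```

An empty list from `mismatches(ASA1, ASA2)` means the two sides agree on these four points; it says nothing about routing or ICMP handling on the hosts and firewalls.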