The IP addresses in the figure are mislabeled: swap 20.20.20.21 and 20.20.20.20!
Implementation Tips for IPSec
Here are some implementation tips for IPSec:
- Before you configure crypto, make certain that you have connectivity between the endpoints of the communication.
- Make sure that either DNS works on the router, or you have entered the CA hostname (if you use a CA).
- IPSec uses IP protocols 50 and 51, and IKE traffic passes on protocol 17, port 500 (UDP 500). Make sure these are permitted appropriately.
- Be careful not to use the word "any" in your ACL. This causes problems. For more information, see the "Usage Guidelines" for access-list in the PIX command reference.
- Recommended transform combinations are:
  - esp-des and esp-sha-hmac
  - ah-sha-hmac and esp-des
- Remember that AH is just an au
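
An added check, not from the original page or from Cisco documentation, that lints `access-list` lines against the two ACL tips above: protocols 50 and 51 and UDP 500 are permitted, and the crypto ACL does not use "any". The ACL names `outside_in` and `vpn_traffic` and the 10.x networks are hypothetical, and whether the AH finding matters depends on whether your transform set uses AH.

```python
import re

# Constructed sample config. ACL names and the 10.x networks are hypothetical;
# the 20.20.20.x peers are the addresses mentioned on this page.
SAMPLE = """\
access-list outside_in permit esp host 20.20.20.20 host 20.20.20.21
access-list outside_in permit udp host 20.20.20.20 host 20.20.20.21 eq isakmp
access-list vpn_traffic permit ip 10.1.1.0 255.255.255.0 any
"""

ENTRY = re.compile(r"\s*access-list\s+(\S+)\s+(permit|deny)\s+(\S+)\s*(.*)", re.I)

def parse(config):
    """Return (name, action, protocol, remaining tokens) for each ACL entry."""
    out = []
    for line in config.splitlines():
        m = ENTRY.match(line)
        if m:
            name, action, proto, rest = m.groups()
            out.append((name, action.lower(), proto.lower(), rest.lower().split()))
    return out

def is_ike(proto, rest):
    """UDP (protocol 17) with a port match on 500, written 'eq isakmp' or 'eq 500'."""
    ports = zip(rest, rest[1:])
    return proto in ("udp", "17") and any(a == "eq" and b in ("isakmp", "500") for a, b in ports)

def audit(config, filter_acl, crypto_acl):
    """List findings for the two ACL tips. Simplification: entry order and deny
    lines are ignored, so a permit shadowed by an earlier deny still counts."""
    entries = parse(config)
    permits = [(p, r) for n, a, p, r in entries if n == filter_acl and a == "permit"]
    all_ip = any(p == "ip" for p, _ in permits)  # 'permit ip' covers every protocol
    checks = {
        "ESP (IP protocol 50)": any(p in ("esp", "50") for p, _ in permits),
        "AH (IP protocol 51)": any(p in ("ah", "ahp", "51") for p, _ in permits),
        "IKE (UDP 500)": any(is_ike(p, r) for p, r in permits),
    }
    findings = [f"{filter_acl}: no permit for {what}"
                for what, ok in checks.items() if not (ok or all_ip)]
    findings += [f"{crypto_acl}: entry uses 'any'"
                 for n, _, _, r in entries if n == crypto_acl and "any" in r]
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE, "outside_in", "vpn_traffic"):
        print(finding)
```

On the constructed sample this reports the missing AH permit on the filtering ACL and the "any" entry in the crypto ACL.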