dt3-45a(config-isakmp)#lifetime 500
IKE SA生命周期,默认86400秒,也就是一天,路由器不够强大则不建议太短.
dt3-45a(config-isakmp)#authentication pre-share
验证方法,默认RSA-SG,使用RSA-SG需要配合CA.使用pre-share就需要使用crypto isakmp key **** address peer-address来指定key
dt3-45a(config-isakmp)#exit
dt3-45a(config)#crypto isakmp key Slurpee-Machine address 192.168.10.38
这里的KEY要和对等体的配置一样.
You are now done with IKE configuration. These lines are the IKE configuration of the peer (the complete configurations for both routers are in the Sample Configurations section of this document):
crypto isakmp policy 1
hash md5
group 2
authentication pre-share
crypto isakmp key Slurpee-Machine address 192.168.10.66
接下来Configure IPSec
Create extended ACL.
dt3 页码:[1] [2] [3] [4] [5] [6] [7] [8] [9] [10] [11] [12] [13] 第8页、共13页 |
