esp-md5-hmac
!定义phase 2的加密和散列算法作为一个transform-set
crypto dynamic-map dynomap 10 set transform-set aaades
!把transform-set绑定到dynamic-map
crypto map vpnpeer 20 ipsec-isakmp dynamic dynomap
!把dynamic-map绑定到vpnpeer
crypto map vpnpeer client authentication myserver
!定义进行xauth使用的AAA服务器
crypto map vpnpeer interface outside
!把crypto map绑定到outside口
isakmp enable outside
!在outside口绑定isakmp
isakmp client configuration address-pool local dialer outside
!配置分配给VPN client的地址池
isakmp policy 10 authentication pre-share
!定义phase 1使用pre-shared key进行认证
isakmp policy 10 encryption des
!定义phase 1协商用DES加密算法
isakmp policy 10 hash md5
!定义phase 1协商用MD5散列算法
isakmp policy 10 group 2
!定义phase 1进行页码:[1] [2] [3] [4] [5] [6] [7] 第5页、共7页 |
