Cisco 7100 Series Spezifikationen PDF herunterladen (Seite 47)

Intranet VPN Business Scenario 3-17

Configuring IKE Policies

Note Set an ISAKMP identity whenever you specify preshared keys. The address

keyword is typically used when there is only one interface (and therefore only one IP

address) that will be used by the peer for IKE negotiations, and the IP address is known.

Use the hostname keyword if there is more than one interface on the peer that might be

used for IKE negotiations, or if the interface’s IP address is unknown (such as with

dynamically-assigned IP addresses).

hq-sanjose(config)# crypto isakmp key

12345 address 172.17.2.5

At the local peer: Specify the shared key the

headquarters router will use with the remote ofﬁce

router. This example conﬁgures the shared key

12345 to be used with the remote peer 172.17.2.5

(serial interface 1/0 on the remote ofﬁce router).

ro-rtp(config)# crypto isakmp identity

address

At the remote peer: Specify the ISAKMP identity

(address or hostname) the remote ofﬁce router will

use when communicating with the headquarters

router during IKE negotiations. Again, this example

speciﬁes the address keyword, which uses IP

address 172.17.2.5 (serial interface 1/0 of theremote

ofﬁce router) as the identity for the remote ofﬁce

router.

ro-rtp(config)# crypto isakmp key 12345

address 172.17.2.4

At the remote peer: Specify the shared key to be

used with the local peer. This is the same key you

just speciﬁed at the local peer. This example

conﬁgures the shared key 12345 to be used with the

local peer 172.17.2.4 (serial interface 1/0 on the

headquarters router).

Step Command Purpose

1 2 ... 42 43 44 45 46 47 48 49 50 51 52 ... 111 112

Keine Kommentare

Cisco 7100 Series Spezifikationen Seite 47