isakmp_profile
主要是用在remote和site to site同时实施的情况,可以实现remote和site to site使用不同的密码.
R1
crypto isakmp policy 10
authentication pre-share
crypto keyring aaa
pre-shared-key address 202.102.1.2 key cisco
crypto isakmp profile bbb
keyring aaa
match identity address 202.102.1.2 255.255.255.255
!
!
crypto ipsec transform-set cisco esp-des esp-md5-hmac
!
!
crypto map cisco 10 ipsec-isakmp
set peer 202.102.1.2
set transform-set cisco
set isakmp-profile bbb
match address 100
!
!
interface Loopback0
ip address 1.1.1.1 255.255.255.0
!
!
!
interface Serial1/1
ip address 202.102.1.1 255.255.255.0
serial restart-delay 0
crypto map cisco
!
ip route 0.0.0.0 0.0.0.0 202.102.1.2
access-list 100 permit ip host 1.1.1.1 host 2.2.2.2
R2
crypto keyring aaa
pre-shared-key address 202.102.1.1 key cisco
!
crypto isakmp policy 1
authentication pre-share
crypto isakmp profile bbb
keyring aaa
match identity address 202.102.1.1 255.255.255.255
!
!
crypto ipsec transform-set cisco esp-des esp-md5-hmac
!
crypto map cisco 10 ipsec-isakmp
set peer 202.102.1.1
set transform-set cisco
set isakmp-profile bbb
match address 100
!
!
!
!
!
interface Loopback0
ip address 2.2.2.2 255.255.255.0
!
!
interface Serial1/0
ip address 202.102.1.2 255.255.255.0
serial restart-delay 0
crypto map cisco
!
ip route 0.0.0.0 0.0.0.0 202.102.1.1
access-list 100 permit ip host 2.2.2.2 host 1.1.1.1
只有这个版本支持:
r1#show version
Cisco IOS Software, 7200 Software (C7200-ADVSECURITYK9-M), Version 12.4(20)T1, R
ELEASE SOFTWARE (fc3)
r2#ping 1.1.1.1 source 2.2.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
Packet sent with a source address of 2.2.2.2
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 108/126/160 m
r2#show crypto ipsec sa
interface: FastEthernet0/0
Crypto map tag: cisco, local addr 202.102.1.2
protected vrf: (none)
local ident (addr/mask/prot/port): (2.2.2.2/255.255.255.255/0/0)
remote ident (addr/mask/prot/port): (1.1.1.1/255.255.255.255/0/0)
current_peer 202.102.1.1 port 500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 9, #pkts encrypt: 9, #pkts digest: 9
#pkts decaps: 9, #pkts decrypt: 9, #pkts verify: 9
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 1, #recv errors 0
local crypto endpt.: 202.102.1.2, remote crypto endpt.: 202.102.1.1
path mtu 1500, ip mtu 1500, ip mtu idb FastEthernet0/0
current outbound spi: 0x9C76746(164063046)
转载于:https://blog.51cto.com/sngyqd/624849
isakmp_profile相关推荐
- 飞信通知api_网络通知API
飞信通知api Every UI framework has the same set of widgets which have become almost essential to modern ...
最新文章
- 修改Linux终端命令行字体颜色(对比明显,超炫酷)
- chrome 历史版本_2020 年最后一次更新,Chrome 性能大提升的新版本来了
- Java 中 @Autowired与@Resource的区别
- 网址发布收藏页源码自适应
- Git Rebase后,本地代码丢失解决方法
- No goals have been specified for this build. You must specify a valid lifecycle phase or a goal.....
- 深入解读Linux进程调度系列(7)——调度与CPU隔离
- java实现浏览器ui中的收藏夹_Java实现简单的图片浏览器
- 食品药品版本库存管理软件
- R数据分析——回归分析
- 智能运动鞋方案/案列/APP/小程序/网站
- 如何增加你微博的粉丝人数?微博推广20绝招
- 博物馆场馆智能化展览展示解决方案
- 高精度电流检测电路INA199可用于过流保护应用
- 双向可控硅在交流调压电路中的使用
- 通道注意力机制keras_在TensorFlow+Keras环境下使用RoI池化一步步实现注意力机制
- python爬虫——使用selenium爬取微博数据(一)
- st_link v2制作流程
- win10计算机文件夹,win10我的电脑6个文件夹如何清理_win10删除我的电脑6个文件夹操作步骤...
- python3.8安装包下载,适用于win7,win10