1.ISAKMP/IKE阶段1配置:
Crypto isakmp policy 1
Encryption aes
Hash sha
Authenticication pre-share
Grpup 2
Lifettime 3600
配置预共享密钥:
Crypto isakmp key 6 abc.com address 100.0.0.1
2.ISAKMP/IKE阶段2配置:
Access-list 100 permit ip s.s.s.s 0.0.0.255 d.d.d.d 0.0.0.255
Crypto ipsec transform-set accp.com
Esp-des ah-sha-hmac
Crypto map abc 1 ipsec-isakmp
Match address 100
Set peer d.d.d.d
Set transform-set accp.com
Set pfs group2
Set security-association lifetime seconds 1800
Set security-association idle-time seconds
3. 应用接口
Interface f0/0
Crypto map abc
