看见几次有人说TED,引擎搜索都困难。
终于让我搜出来是Tunnel End-Point Discovery的缩写。
我就认真的研读一番,发现某些人给人家的建议实在不妥,你真搞清楚它了。
首先它是思科私有协议,只在IOS下运行,你说ASA能行吗?!
其次它只能运行在外网IP在同一网段的环境,真是鸡肋,搞这个有用吗!
还用继续下去吗?我没感到有什么实用价值。
难怪搜索引擎都不收入,没人用嘛。
不过终于学习了一点东西,上次有人问那个discover干吗用的,本人很老实的说没用过,不知道。现在知道它的出处了,不过我就纳闷了,很多地方看见有人用这个指令,根本就是无的放矢嘛。也不知道谁先开的头。
以后谁在提TED,我就要问TED到底懂了没?!

下面转帖思科的案例配置
Building configuration...

Current configuration : 1426 bytes
!
version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Daphne
!
boot system flash  c2600-jk9s-mz.122-27.bin


enable password cisco
!

memory-size iomem 10
ip subnet-zero
!
!
no ip domain-lookup
!
!
!
!

!--- Defines the IKE policy. While using TED, the peer
!--- address associated with the pre-shared key should be defined as wildcard
!--- in the IKE policy, to authenticate any discovered peer.

         
crypto isakmp policy 10
authentication pre-share
crypto isakmp key abc123 address 0.0.0.0 0.0.0.0

!
!

!--- Defines the transform to use for IPsec SAs.

crypto ipsec transform-set ted-transforms esp-des esp-md5-hmac
!

!--- Defines a dynamic crypto map to use for establishing IPsec SAs.

crypto dynamic-map ted-map 10
set transform-set ted-transforms
match address 101

!
!

!--- The 'discover' keyword used with the dynamic crypto map
!--- enables peer discovery.


crypto map tedtag 10 ipsec-isakmp dynamic ted-map discover
!


!
interface FastEthernet0/0
ip address 11.11.11.1 255.255.255.0
duplex auto
speed auto
crypto map tedtag
!
interface FastEthernet0/1
ip address 13.13.13.13 255.255.255.0
duplex auto
speed auto
!
ip classless
ip route 0.0.0.0 0.0.0.0 11.11.11.2
ip http server

!
!
!

!--- Defines the traffic to be encrypted using IPsec.

access-list 101 permit ip 13.13.13.0 0.0.0.255 12.12.12.0 0.0.0.255

!
!

!--- Output is suppressed.


!
!


line con 0
line aux 0
line vty 0 4

login
!
end


Building configuration...

Current configuration : 1295 bytes
!
version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname fred
!
boot system flash  c2600-jk9s-mz.122-27.bin


!
memory-size iomem 10
ip subnet-zero
!
!
!
!
!
!

!--- Defines the IKE policy. While using TED, the peer
!--- address associated with the pre-shared key should be defined as wildcard
!--- in the IKE policy, to authenticate any discovered peer.


crypto isakmp policy 10
authentication pre-share
crypto isakmp key abc123 address 0.0.0.0 0.0.0.0

!
!

!--- Defines the transform to use for IPsec SAs.

crypto ipsec transform-set ted-transforms esp-des esp-md5-hmac
!

!--- Defines a dynamic crypto map used to establish IPsec SAs.

crypto dynamic-map ted-map 10
set transform-set ted-transforms
match address 101

!
!

!--- The 'discover' keyword used with the dynamic crypto map
!--- enables peer discovery.


crypto map tedtag 10 ipsec-isakmp dynamic ted-map discover
!

!
!
interface FastEthernet0/0
ip address 11.11.11.2 255.255.255.0
duplex auto
speed auto
crypto map tedtag
!
interface FastEthernet0/1
ip address 12.12.12.12 255.255.255.0
duplex auto
speed auto
!
ip classless
ip route 0.0.0.0 0.0.0.0 11.11.11.1
ip http server

!         
!
!

!--- Defines the traffic encrypted using IPsec.

access-list 101 permit ip 12.12.12.0 0.0.0.255 13.13.13.0 0.0.0.255

!
!

!--- Output is suppressed.


!
line con 0
line aux 0
line vty 0 4
login   
!
end[/quote]