Cisco 7100 Series Especificaciones Pagina 45
- Pagina / 112
- Tabla de contenidos
- MARCADORES
Valorado. / 5. Basado en revisión del cliente
Intranet VPN Business Scenario 3-15
Configuring IKE Policies
Additional Configuration Required for IKE Policies
Depending on which authentication method you specify in your IKE policies, you need to
complete an additional companion configuration before IKE and IPSec can successfully
use the IKE policies.
Each authentication method requires an additional companion configuration as follows:
• RSA signatures method:
If you specify RSA signatures as the authentication method in a policy, you must
configure the peers to obtain certificates from a Certification Authority (CA). (And, of
course, the CA must be properly configured to issue the certificates.) Configure this
certificate support as described in the “Configuring Certification Authority
Interoperability” chapter of the Security Configuration Guide.
The certificates are used by each peer to securely exchange public keys. (RSA
signatures requires that each peer has the remote peer’s public signature key.) When
both peers have valid certificates, they will automatically exchange public keys with
each other as part of any IKE negotiation in which RSA signatures are used.
• RSA encrypted nonces method:
If you specify RSA encrypted nonces as the authentication method in a policy, you need
to ensure that each peer has the other peers’ public keys.
Unlike RSA signatures, the RSA encrypted nonces method does not use certificates to
exchange public keys. Instead, you ensure that each peer has the others’ public keys by
doing the following:
— Manually configure RSA keys as described in the “Configuring Internet Key
Exchange Security Protocol” chapter of the Security Configuration Guide.
— Ensure that an IKE exchange using RSA signatures has already occurred between
the peers. (The peers’ public keys are exchanged during the RSA-signatures-based
IKE negotiations.)
To make this happen, specify two policies: a higher-priority policy with RSA
encrypted nonces, and a lower-priority policy with RSA signatures. When IKE
negotiations occur, RSA signatures will be used the first time because the peers do
not yet have each others’ public keys. Then, future IKE negotiations will be able to
use RSA-encrypted nonces because the public keys will have been exchanged.
Of course, this alternative requires that you have CA support configured.
- Cisco 7100 Series VPN 1
- Configuration Guide 1
- Preface vii 3
- Audience 4
- Organization 5
- Related Documentation 6
- Preface xi 7
- Conventions 8
- Cisco Connection Online 9
- Documentation CD-ROM 10
- Using Cisco IOS Software 11
- Getting Help 12
- Finding Command Options 13
- • controller t1 1 13
- Understanding Command Modes 18
- Summary of Main Command Modes 19
- Router(config-if)# 20
- Router(config-subif)# 20
- Saving Configuration Changes 21
- Saving Configuration Changes 22
- Before You Begin 23
- Considerations 25
- Before You Begin 2-5 27
- Assumptions 29
- Intranet VPN Business 31
- Scenario 31
- Scenario Description 32
- Step 1—Configuring the Tunnel 34
- Step 1—Configuring the Tunnel 35
- Step 3—Configuring Encryption 41
- Configuring IKE Policies 43
- Creating Policies 44
- • RSA signatures method: 45
- Configuring Preshared Keys 46
- Verifying IKE Policies 48
- Configuring IPSec 49
- Creating Crypto Access Lists 51
- Verifying Crypto Access Lists 51
- Defining Transform Sets 52
- Step 3—Configuring Encryption 54
- Verifying Transform Sets 55
- Creating Crypto Map Entries 58
- Verifying Crypto Map Entries 59
- To verify the configuration: 65
- Extranet VPN Business 73
- 67890 address 172.17.2.4 83
- Tunnel mode 88
- Transport mode 88
- Configuring Crypto Maps 89
- Configuring Crypto Maps 93
Relacionado con productos y manuales para Redes Cisco 7100 Series
Redes Cisco VPN 3000 Manual de usuario
(25 paginas)
(25 paginas)
Redes Cisco MCS 7835 Series Manual de usuario
(9 paginas)
(9 paginas)
Redes Cisco 1802W Manual de usuario
(40 paginas)
(40 paginas)
Redes Cisco 4500M Guía de instalación
(32 paginas)
(32 paginas)
Redes Cisco 7120-4T1 - 7120 Router Especificaciones
(24 paginas)
(24 paginas)
Redes Cisco VPN 3000 Guía de usuario
(502 paginas)
(502 paginas)
Redes Cisco EF3116 Manual de usuario
(8 paginas)
(8 paginas)
Redes Cisco 826 Manual de usuario
(8 paginas)
(8 paginas)
Redes Cisco 1861 Manual de usuario
(13 paginas)
(13 paginas)
Redes Cisco TES301 Manual de usuario
(52 paginas)
(52 paginas)
Redes Cisco MGBSX1 Manual de usuario
(16 paginas)
(16 paginas)
Redes Cisco 1005 - 1005 Router Manual de usuario
(10 paginas)
(10 paginas)
Redes Cisco PA-2FE-TX Especificaciones
(60 paginas)
(60 paginas)
Redes Cisco 880 Series Manual de usuario
(18 paginas)
(18 paginas)
Redes Cisco 2520-RF - 2520 Router Especificaciones
(116 paginas)
(116 paginas)
Redes Cisco EPC3825 Manual de usuario
(8 paginas)
(8 paginas)
Redes Cisco DPC3008 Guía de usuario
(44 paginas)
(44 paginas)
© 2020, manymanuals.es. Todos los derechos reservados | 0.130 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Comentarios a estos manuales