
Step 3—Configuring Encryption
Cisco 7100 Series VPN Configuration Guide
• Preshared keys authentication method:
If you specify preshared keys as the authentication method in a policy, you must
configure these preshared keys as described in the following section “Configuring
Preshared Keys.”
If RSA encryption is configured and signature mode is negotiated, the peer will request
both signature and encryption keys. Basically, the router will request as many keys as the
configuration will support. If RSA encryption is not configured, it will just request a
signature key.
Configuring Preshared Keys
To configure preshared keys, perform these tasks at each peer that uses preshared keys in
an IKE policy:
1 Set each peer’s ISAKMP identity. Each peer’s identity should be set to either its host
name or its IP address. By default, a peer’s identity is set to its IP address.
2 Specify the shared keys at each peer. Note that a given preshared key is shared between
two peers. At a given peer, you could specify the same key to share with multiple remote
peers; however, a more secure approach is to specify different keys to share between
different pairs of peers.
To specify preshared keys at a peer, complete the following steps in global configuration
mode:
Step 1
Command: hq-sanjose(config)# crypto isakmp identity address
Purpose: At the local peer: Specify the ISAKMP identity (address or hostname) the
headquarters router will use when communicating with the remote office router during
IKE negotiations. This example specifies the address keyword, which uses IP address
172.17.2.4 (serial interface 1/0 of the headquarters router) as the identity for the
headquarters router.
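The recommendation above to use a different preshared key for each pair of peers can be checked against a saved configuration. The following is an added example, not part of the Cisco guide: it assumes keys appear as "crypto isakmp key <keystring> address|hostname <peer>" lines, and the sample configuration, key strings and remote peers are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample configuration (not from the guide): the key strings and
# the remote peers are made up for illustration.
SAMPLE_CONFIG = """\
hostname hq-sanjose
crypto isakmp identity address
crypto isakmp key ExampleKeyA address 192.0.2.10
crypto isakmp key ExampleKeyA address 192.0.2.20
crypto isakmp key ExampleKeyB hostname branch3.example.com
"""

# Assumed line form: crypto isakmp key <keystring> address|hostname <peer>
KEY_RE = re.compile(
    r"^[ \t]*crypto isakmp key[ \t]+(\S+)[ \t]+(?:address|hostname)[ \t]+(\S+)", re.M
)
IDENTITY_RE = re.compile(
    r"^[ \t]*crypto isakmp identity[ \t]+(address|hostname)\b", re.M
)


def isakmp_identity(config_text):
    """Return the configured identity type; with no identity line the default is the IP address."""
    match = IDENTITY_RE.search(config_text)
    return match.group(1) if match else "address"


def parse_preshared_keys(config_text):
    """Return (keystring, peer) pairs, one per 'crypto isakmp key' line."""
    return KEY_RE.findall(config_text)


def find_reused_keys(config_text):
    """Return sorted groups of peers that share one key; the key itself is not returned."""
    peers_by_key = defaultdict(set)
    for key, peer in parse_preshared_keys(config_text):
        peers_by_key[key].add(peer)
    groups = [sorted(peers) for peers in peers_by_key.values() if len(peers) > 1]
    return sorted(groups)


if __name__ == "__main__":
    print("ISAKMP identity:", isakmp_identity(SAMPLE_CONFIG))
    for group in find_reused_keys(SAMPLE_CONFIG):
        print("One preshared key is shared with multiple peers:", ", ".join(group))
```

The report names only the peers in each group, so the key strings do not end up in audit output.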