The Shanghai ikev2 profile is configured with
match remote certificate To-SH-ikev2-policy
The Tianjin ikev2 profile is configured with
match remote certificate To-TJ-ikev2-policy2
Why does the status show that both of them use match remote certificate To-SH-ikev2-policy?
ikev2 profile To-SH-ike-profile
 authentication-method local pre-share
 authentication-method remote pre-share
 keychain To_SH_ikev2_keychain
 identity local address 192.168.11.20
 match local address GigabitEthernet1/0/0
 match remote certificate To-SH-ikev2-policy
 match remote identity address 192.168.11.10 255.255.255.255
#
ikev2 profile To-TJ-ike-profile
 authentication-method local pre-share
 authentication-method remote pre-share
 keychain To_TJ_ikev2_keychain
 identity local address 192.168.11.20
 match local address GigabitEthernet1/0/0
 match remote certificate To-TJ-ikev2-policy2
 match remote identity address 192.168.11.30 255.255.255.255
#
ikev2 proposal 1
 encryption 3des-cbc
 integrity md5
 dh group24
 prf sha1
#
ikev2 proposal 2
 encryption 3des-cbc
 integrity md5
 dh group20
 prf sha1
#
ikev2 policy To-SH-ikev2-policy
 match vrf any
 proposal 1
 match local address 192.168.11.20
#
ikev2 policy To-TJ-ikev2-policy2
 match vrf any
 proposal 2
 match local address 192.168.11.20
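Then how can I make each of them use its own?
Are you using digital signature authentication? You would need to look at how the access-control-policy is configured. Try changing the proposals so that their contents differ.
It is not digital signature authentication, it is pre-share password authentication. Since I am the one connecting to the other side, I cannot change it.
Then you should configure match remote identity address; certificate means digital signature authentication.
Then I misunderstood. I thought this was how each site calls its own proposal. My goal is just to have each ikev2 use its own proposal.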
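
An added example, not part of the thread and not H3C tooling: a small Python check that reads a config like the one posted and flags the points raised in the replies, namely a `match remote certificate` line in a profile that authenticates with pre-share, and a certificate match whose argument is the name of an `ikev2 policy`. As an assumption about policy selection, it also flags `ikev2 policy` blocks whose match statements are identical. The function names and check ids are illustrative.

```python
import re
from collections import defaultdict

# Per-site statements as posted in the thread, rebuilt from one template and
# trimmed to the lines the checks read.
SITE = """ikev2 profile To-{s}-ike-profile
authentication-method local pre-share
authentication-method remote pre-share
match remote certificate {p}
#
ikev2 policy {p}
match vrf any
proposal {n}
match local address 192.168.11.20
#
"""
SAMPLE = SITE.format(s="SH", p="To-SH-ikev2-policy", n=1) + SITE.format(s="TJ", p="To-TJ-ikev2-policy2", n=2)

def parse(text):
    """Map (kind, name) -> list of statements for each 'ikev2 <kind> <name>' block."""
    sections, current = {}, None
    for line in map(str.strip, text.splitlines()):
        head = re.fullmatch(r"ikev2 (profile|policy|proposal) (\S+)", line)
        if head:
            current = sections.setdefault(head.groups(), [])
        elif line in ("", "#"):
            current = None
        elif current is not None:
            current.append(line)
    return sections

def lint(text):
    """Return findings as (check_id, subject, detail) tuples."""
    sections, findings, by_match = parse(text), [], defaultdict(list)
    policies = {name for kind, name in sections if kind == "policy"}
    for (kind, name), body in sections.items():
        if kind == "policy":  # assumption: identical match lines cannot separate peers
            by_match[tuple(sorted(s for s in body if s.startswith("match ")))].append(name)
        if kind != "profile":
            continue
        auth = [s.split()[-1] for s in body if s.startswith("authentication-method ")]
        for ref in (s.split()[-1] for s in body if s.startswith("match remote certificate ")):
            if auth and set(auth) == {"pre-share"}:
                findings.append(("cert-match-with-psk", name, ref))
            if ref in policies:
                findings.append(("cert-match-names-ikev2-policy", name, ref))
    for criteria, names in by_match.items():
        if len(names) > 1:
            findings.append(("policies-share-match-criteria", tuple(names), criteria))
    return findings
```

On the posted config, `lint(SAMPLE)` reports both certificate-match findings for each profile and one shared-criteria finding covering the two policies.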