How it works: the server subnet on one side is 192.168.1.0/24 and its router is 100.10.15.1; the server subnet on the other side is 192.168.10.0/24 and its router is 200.20.25.1. Perform the following steps:
1. Decide on a preshared key (secret password). (The following example assumes the secret password is noip4u.)
2. Configure IKE for the SA negotiation process.
3. Configure IPSec.
Configure IKE:
Shelby(config)#crypto isakmp policy 1
Shelby(config-isakmp)#group 1
Note: Unless you have bought a high-end router or have little VPN traffic, it is best to use the group 1 key length. The group command takes two parameter values, 1 and 2. A value of 1 means the key is 768 bits long, and a value of 2 means the key is 1024 bits long, which is clearly more secure but consumes more CPU time.
Shelby(config-isakmp)#authentication pre-share
Remarks: Tells the router to use a preshared password.
Shelby(config-isakmp)#lifetime 3600
Remarks: Adjusts the interval at which a new SA is generated. The value is in seconds, and the default is 86400, which is one day. Note that the routers at both ends must be set to the same SA lifetime; otherwise, after initializing normally, the VPN will be interrupted when the shorter of the two SA lifetimes is reached.
Shelby(config)#crypto isakmp key noip4u address 200.20.25.1
Note: Return to global configuration mode and specify the preshared key to use and the IP address of the destination router, that is, the router at the other end of the VPN. The router on the other side is configured with a similar command, except that the IP address is changed to 100.10.15.1.
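The remarks above require the same SA lifetime on both routers and a mirrored key/address line on the peer. The following check is an added example, not part of the original article: it compares the IKE settings of the two ends before deployment. The peer configuration (REMOTE) and the function names are hypothetical, and the sample configs are constructed from the commands shown above, with the peer's lifetime deliberately left at the default.

```python
# Constructed sample configs for the two routers in this walkthrough.
# "REMOTE" is a hypothetical name for the peer; its lifetime is wrong on purpose.
SHELBY = """crypto isakmp policy 1
 group 1
 authentication pre-share
 lifetime 3600
crypto isakmp key noip4u address 200.20.25.1
"""
REMOTE = """crypto isakmp policy 1
 group 1
 authentication pre-share
 lifetime 86400
crypto isakmp key noip4u address 100.10.15.1
"""


def parse_isakmp(text):
    """Pull the ISAKMP policy settings and preshared-key peer out of a config."""
    cfg = {"lifetime": 86400}  # default when no lifetime line is present
    for line in text.splitlines():
        w = line.split()
        if len(w) == 2 and w[0] in ("group", "lifetime"):
            cfg[w[0]] = int(w[1])
        elif len(w) == 2 and w[0] == "authentication":
            cfg["authentication"] = w[1]
        elif w[:3] == ["crypto", "isakmp", "key"] and len(w) == 6 and w[4] == "address":
            cfg["key"], cfg["peer"] = w[3], w[5]
    return cfg


def compare(local, remote, local_ip, remote_ip):
    """List the settings that do not line up between the two ends."""
    a, b = parse_isakmp(local), parse_isakmp(remote)
    problems = []
    for field in ("group", "authentication", "lifetime", "key"):
        if a.get(field) != b.get(field):
            # Never echo the preshared key itself into the report.
            detail = "values differ" if field == "key" else f"{a.get(field)} vs {b.get(field)}"
            problems.append(f"{field}: {detail}")
    if a.get("peer") != remote_ip:
        problems.append(f"local key is bound to {a.get('peer')}, not {remote_ip}")
    if b.get("peer") != local_ip:
        problems.append(f"remote key is bound to {b.get('peer')}, not {local_ip}")
    return problems


if __name__ == "__main__":
    for problem in compare(SHELBY, REMOTE, "100.10.15.1", "200.20.25.1"):
        print(problem)
```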