Cloud Native Application Delivery

Coexistence of Dynamic and Static VPNs

May 3, 2007

Verify Crypto Map Sequence Numbers

If static and dynamic peers are configured on the same crypto map, the order of the crypto map entries is very
important. The sequence number of the dynamic crypto map entry must be higher than all of the other static
crypto map entries. If the static entries are numbered higher than the dynamic entry, connections with those
peers fail.

Here is an example of a properly numbered crypto map that contains a static entry and a dynamic entry. Note
that the dynamic entry has the highest sequence number and room has been left to add additional static entries:

    crypto dynamic-map cisco 20 set transform-set myset
    crypto map mymap 10 match address 100
    crypto map mymap 10 set peer 172.16.77.10
    crypto map mymap 10 set transform-set myset
    crypto map mymap 60000 ipsec-isakmp dynamic cisco

Disable XAUTH for L2L Peers

If a LAN-to-LAN tunnel and a Remote Access VPN tunnel are configured on the same crypto map, the
LAN-to-LAN peer is prompted for XAUTH information, and the LAN-to-LAN tunnel fails.

Note: This issue only applies to Cisco IOS and PIX 6.x. Because it uses tunnel-groups, PIX/ASA 7.x is not
affected by this issue.

Use the no-xauth keyword when you enter the isakmp key, so the device does not prompt the peer for
XAUTH information (username and password). This keyword disables XAUTH for static IPSec peers. Enter a
command similar to this on the device that has both L2L and RA VPN configured on the same crypto map:

    router(config)# crypto isakmp key cisco123 address 172.22.1.164 no-xauth
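
Both checks above can be run against a saved configuration before it is deployed. The script below is an added example, not part of the original article or of any Cisco tool. It assumes the single-line command form shown on this page and treats the dynamic entry as the Remote Access entry; the audit() function, the sample configuration and the <KEY> placeholder are constructed for illustration.

```python
import re

# Constructed sample: static entry 70000 is numbered above the dynamic entry,
# and the static peer's pre-shared key lacks no-xauth. <KEY> is a placeholder.
SAMPLE = """\
crypto isakmp key <KEY> address 172.16.77.10
crypto dynamic-map cisco 20 set transform-set myset
crypto map mymap 10 match address 100
crypto map mymap 10 set peer 172.16.77.10
crypto map mymap 10 set transform-set myset
crypto map mymap 60000 ipsec-isakmp dynamic cisco
crypto map mymap 70000 set peer 172.22.1.164
"""

ENTRY = re.compile(r"^crypto map (\S+) (\d+) (.*)$")
KEY = re.compile(r"^(?:crypto )?isakmp key \S+ address (\S+)(.*)$")

def audit(config):
    """Return a sorted list of findings for the two checks described above."""
    dynamic, static, peers, keys = {}, {}, {}, {}
    for line in config.replace("\u2212", "-").splitlines():
        line = re.sub(r"^\S+\(config\)#\s*", "", line.strip())  # drop CLI prompt
        if m := ENTRY.match(line):
            name, seq, rest = m.group(1), int(m.group(2)), m.group(3)
            if re.match(r"ipsec-isakmp dynamic\b", rest):
                dynamic.setdefault(name, set()).add(seq)
            else:
                static.setdefault(name, set()).add(seq)
                if p := re.match(r"set peer (\S+)", rest):
                    peers.setdefault(name, set()).add(p.group(1))
        elif m := KEY.match(line):
            keys[m.group(1)] = "no-xauth" in m.group(2).split()
    findings = []
    for name, dyn in dynamic.items():
        # Check 1: every static sequence number must be below the dynamic entry.
        for seq in static.get(name, ()):
            if seq > min(dyn):
                findings.append(f"{name}: static entry {seq} is above dynamic entry {min(dyn)}")
        # Check 2: static peers sharing a map with a dynamic entry need no-xauth.
        for peer in peers.get(name, ()):
            if keys.get(peer) is False:
                findings.append(f"{name}: isakmp key for peer {peer} lacks no-xauth")
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)) or "no findings")
```

Peers with no isakmp key line in the input are not flagged by the second check, since the script cannot tell how they authenticate.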

This work is licensed under a Creative Commons Attribution 4.0 International License
Tags: VPN
Last updated: May 3, 2007

纳米

http://linjing.io
