4.4 IKEv2 Win7 Client Certificate Authentication
------------------------------------------------------
tunnel0 ---------------------Virtual-Access
| |
| 202.100.1.0 61.128.1.0 |
------Client------------Internet--------Server--------
172.16.1.1 .1 | .10 .10 | .1 10.1.1.1
| |
.100 / \
win7 .100 .241
win2008 ACS5.3
-------------------------------------------------------
Server-side configuration: TrustPoint
Important: manually synchronize the device clock before configuring
ip domain name mingjiao.org
ip name-server 61.128.1.100
ip domain-lookup
enable password cisco
crypto pki trustpoint CA
enrollment terminal
fqdn Server.mingjiao.org
subject-name cn=Server.mingjiao.org,ou=MingJiao
revocation-check none
rsakeypair Server.mingjiao.org 1024
eku request server-auth
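An added example, not part of the original page: a Python check run over the trustpoint section above that flags the settings a reviewer would question before reusing this lab configuration (1024-bit RSA key, revocation checking set to none, enable password instead of enable secret). The function name audit_config, the 2048-bit floor and the re-indented sample text are assumptions made for the example.

```python
MIN_RSA_BITS = 2048  # assumption: local policy floor for RSA key size

# Constructed sample: the server lines from this section, re-indented the way
# "show running-config" prints trustpoint sub-mode commands.
SAMPLE_CONFIG = """\
enable password cisco
crypto pki trustpoint CA
 enrollment terminal
 fqdn Server.mingjiao.org
 subject-name cn=Server.mingjiao.org,ou=MingJiao
 revocation-check none
 rsakeypair Server.mingjiao.org 1024
 eku request server-auth
aaa new-model
"""


def audit_config(text, min_bits=MIN_RSA_BITS):
    """Return (line_no, trustpoint, finding) tuples for weak PKI settings."""
    findings = []
    trustpoint = None  # name of the trustpoint whose sub-mode we are in
    for no, raw in enumerate(text.splitlines(), start=1):
        words = raw.split()
        if not words or words[0].startswith("!"):
            continue
        if not raw[0].isspace():  # a top-level command ends any sub-mode
            trustpoint = None
            if words[:3] == ["crypto", "pki", "trustpoint"] and len(words) == 4:
                trustpoint = words[3]
            elif words[:2] == ["enable", "password"]:
                findings.append((no, None, "enable password (use enable secret)"))
            continue
        if trustpoint is None:
            continue
        if words[0] == "revocation-check" and words[1:2] == ["none"]:
            findings.append((no, trustpoint, "revocation checking disabled"))
        elif words[0] == "rsakeypair" and len(words) >= 3 and words[2].isdigit():
            # rsakeypair <label> <key-size>: compare the size with the floor
            if int(words[2]) < min_bits:
                findings.append(
                    (no, trustpoint, f"RSA key {words[2]} bits < {min_bits}"))
    return findings


if __name__ == "__main__":
    for no, tp, msg in audit_config(SAMPLE_CONFIG):
        print(f"line {no}: trustpoint={tp or '-'}: {msg}")
```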
Server
1. Configure AAA
aaa new-model
aaa authentication login noacs line none
line con 0
login authentication noacs
line aux 0
login authentica