cisco IPSec 离线证书认证
![在这里插入图片描述](https://img-blog.csdnimg.cn/20191010094427847.png?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3dlaXhpbl80Mzk4MTkxNQ==,size_16,color_FFFFFF,t_70)
配置命令
IPSec vpn 离线证书
crypto key generate rsa modulus 1024 label R1
do show crypto key mypubkey rs
cry pki trustpoint win2012
rsakeypair R1
subject-name cn=R1.freeit,ou=NS,o=yinhe
enrollment terminal
revocation-check none
ex
crypto pki authenticate win2012
crypto pki enroll win2012
crypto pki import win2012 certificate
do show cry pki cer
crypto pki certificate map Cert-acl 10
subject-name co ou=NS
exit
crypto isakmp policy 10
encryption 3des
group 5
hash sha256
authentication rsa-sig
ex
crypto isakmp profile PKI-profile
ca trust-point win2012
match certificate Cert-acl