The Cisco CG-OS router employs IKEv2 to authenticate to the destination router by using either a
pre-shared key (PSK) or by using RSA signatures with a Public Key Infrastructure (PKI). IKEv2 must
be configured on the source and destination router (peers) and both routers must employ the same
authentication method.
• PSK authenticates each router (peer) by requiring proof of possession of a shared secret. Each router
(peer) must have the same shared secret configured.
• RSA signatures employ a PKI-based method of authentication. (See Configuring PKI, page 6-1.)
IKEv2 interacts with PKI to obtain the identity certificates and to validate the peer (such as Cisco
CG-OS router and head-end router) certificates.

因为用Cert是比较安全，但是安全是有点复杂，而IKEv2是可以接受1）shared secret，2）RSA Cert。
如果 ...
角色 發表於 2018-3-2 10:28