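Can IKEv2 authentication use a shared secret instead of a cert (RSA)?
This post was last edited by 角色 on 2018-3-2 10:31
 Using a cert is more secure, but that security is somewhat complicated, and IKEv2 can accept 1) a shared secret, 2) an RSA cert.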
 
 Source
 
 
 The Cisco CG-OS router employs IKEv2 to authenticate to the destination router by using either a pre-shared key (PSK) or by using RSA signatures with a Public Key Infrastructure (PKI). IKEv2 must
 be configured on the source and destination router (peers) and both routers must employ the same
 authentication method.
 • PSK authenticates each router (peer) by requiring proof of possession of a shared secret. Each router
 (peer) must have the same shared secret configured.
 • RSA signatures employ a PKI-based method of authentication. (See Configuring PKI, page 6-1.)
 IKEv2 interacts with PKI to obtain the identity certificates and to validate the peer (such as Cisco
 CG-OS router and head-end router) certificates.
 It would be best if RouterOS could accept both authentication methods at the same time!!!
 
 More information on RouterOS IKEv2
 https://forum.mikrotik.com/viewtopic.php?t=116865
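The "proof of possession of a shared secret" in the quoted Cisco text, sketched as an added example that is not part of the original post or of Cisco's documentation. It goes beyond the page by following the AUTH computation in RFC 7296, section 2.15; HMAC-SHA-256 as the negotiated PRF, all function names and every input value are assumptions constructed for illustration.

```python
import hashlib
import hmac

KEY_PAD = b"Key Pad for IKEv2"  # fixed pad string defined in RFC 7296, section 2.15


def prf(key: bytes, data: bytes) -> bytes:
    """The negotiated PRF; HMAC-SHA-256 is assumed for this example."""
    return hmac.new(key, data, hashlib.sha256).digest()


def signed_octets(own_first_msg: bytes, peer_nonce: bytes,
                  sk_p: bytes, own_id_body: bytes) -> bytes:
    """Own first message | peer's nonce | prf(SK_p, own ID payload body)."""
    return own_first_msg + peer_nonce + prf(sk_p, own_id_body)


def psk_auth(shared_secret: bytes, octets: bytes) -> bytes:
    """AUTH = prf(prf(Shared Secret, "Key Pad for IKEv2"), <SignedOctets>)."""
    return prf(prf(shared_secret, KEY_PAD), octets)


def verify_peer(configured_secret: bytes, octets: bytes, received_auth: bytes) -> bool:
    """The verifier recomputes AUTH from its own configured secret."""
    expected = psk_auth(configured_secret, octets)
    return hmac.compare_digest(expected, received_auth)  # constant-time compare


def demo() -> dict:
    # All values below are constructed sample data, not captured traffic.
    init_msg = b"constructed IKE_SA_INIT request bytes"
    nonce_r = bytes(range(32))                            # responder nonce Nr
    sk_pi = bytes(range(32, 64))                          # SK_pi from the key exchange
    id_body = b"\x02\x00\x00\x00" + b"branch.example.test"  # ID_FQDN, 3 reserved octets
    octets = signed_octets(init_msg, nonce_r, sk_pi, id_body)

    # Initiator sends only AUTH; the secret itself never crosses the wire.
    auth = psk_auth(b"constructed-shared-secret", octets)

    # An old AUTH checked against a session with a fresh responder nonce.
    fresh = signed_octets(init_msg, bytes(range(1, 33)), sk_pi, id_body)
    return {
        "same_secret": verify_peer(b"constructed-shared-secret", octets, auth),
        "different_secret": verify_peer(b"some-other-secret", octets, auth),
        "replayed_auth": verify_peer(b"constructed-shared-secret", fresh, auth),
    }


if __name__ == "__main__":
    print(demo())
```

Both peers must hold the same secret for verification to pass, which is the requirement the quoted text states; RFC 7296 also notes that deriving the shared secret from a password is not secure, so the PSK should be a long random value.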