arp timeout 14400
global （outside） 1 interface
nat （inside） 0 access-list 90
nat （inside） 1 192.168.1.0 255.255.255.0 0 0
conduit permit icmp any any
route outside 0.0.0.0 0.0.0.0 58.62.221.129 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout sip-disconnect 0:02:00 sip-invite 0:03:00
timeout uauth 0:05:00 absolute
aaa-server tacacs+ protocol tacacs+
aaa-server tacacs+ max-failed-attempts 3
aaa-server tacacs+ deadtime 10
aaa-server radius protocol radius
aaa-server radius max-failed-attempts 3
aaa-server radius deadtime 10
aaa-server local protocol local
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
crypto ipsec transform-set netgear esp-3des esp-sha-hmac
/*使用的是静态加密map*/
crypto map tofvs318 20 ipsec-isakmp
crypto map tofvs318 20 match address 90
crypto map tofvs318 20 set peer 121.32.17.207
crypto map tofvs318 20 set transform-set netgear
crypto map tofvs318 interface outside
crypto map fvs318 20 ipsec-isakmp
crypto map fvs318 20 set pfs group2
! incomplete
isakmp enable outside
/*fvs318v3的wan ip为121.32.17.207 */
isakmp key ******** address 121.32.17.207 netmask 255.255.255.255
isakmp policy 9 authentication pre-share
isakmp policy 9 encryption 3des
isakmp policy 9 hash sha
isakmp policy 9 group 2
isakmp policy 9 lifetime 86400
telnet timeout 5
ssh timeout 5
console timeout 0
terminal width 80
cryptochecksum:f6ac69765d18b7ac0c3024295a82fe79
: end
pix515（config）#

1） 创建ike police