hoặc tạo ra một cái mới bằng cách nhấn vào nút Add. Nếu bạn nhấp vào nút Add, cửa sổ chính sách IKE Thêm xuất hiện, nơi bạn phải cấu hình như sau:Ưu tiên-Xác định làm thế nào chính sách này IKE mới được lập trình tự với những cái hiện có. | 310 Chapter 13 Site-to-Site VPN Operations The IKE Proposals screen displays all SDM default IKE proposals and any IKE proposals configured individually. You can select a proposal from this list or create a new one by clicking the Add button. If you click the Add button the Add IKE Policy window appears where you must configure the following Priority Determines how this new IKE policy is sequenced with existing ones. Encryption Select the appropriate encryption algorithm DES 3DES or AES . Hash Select the appropriate hash algorithm MD5 or SHA-1 . D-H Group Select the appropriate Diffie-Hellman group group1 group2 or group5 . Authentication Select the authentication method preshared keys or RSA signatures . Lifetime Enter hours minutes and seconds for the IKE lifetime. When you are finished with the new parameters click the OK button and the new IKE proposal appears sequenced according to its priority number. You can highlight and edit any user-defined IKE proposals here if needed the default IKE proposal cannot be edited . When you are done with IKE proposals click the Next button at the bottom of the screen. Define IPsec Transform Sets The third task in the step-by-step setup is to configure the IPsec transform sets. As with IKE proposals only one IPsec transform set is needed but the IPsec peer must have a duplicate transform set for IKE phase 2 to be successful. Multiple transform sets are typically configured at a central site where many remote locations are peering. Figure 13-16 shows the Transform Set screen. Figure 13-16 SDM IPsec Transform Set Configuring a Site-to-Site VPN in SDM 311 The IPsec Transform Set screen displays the selected transform set that is used with this IPsec VPN. The pull-down menu allows you to access all SDM default IPsec transform sets and any IPsec transform sets configured individually. You can select a transform set from this list or create a new one by clicking the Add button. If you click the Add button the Add Transform Set .