IPsec VPN Configuration
Except on the first page, right running head:
Heading1 or Heading1NewPage text (automatic)
837
Alcatel-Lucent
Beta Beta
OmniAccess 5740 Unified Services Gateway CLI Configuration Guide
TO CONFIGURE IPSEC CRYPTO MAP
Crypto map entries created for IPsec pull together various parts used to set up
IPsec security associations that include:
• Which traffic should be protected by IPsec (as defined by match-list earlier)
• Where the IPsec-protected traffic should be sent (remote IPsec peer).
• What kind of IPsec security to be applied to this traffic (as configured by the
transform-set)
• Security associations established via IKE.
Note: The crypto map name can have a maximum of 32 characters.
Force - This option is used to modify a crypto map when it is applied to an interface.
EXAMPLE
ALU(config)# crypto map exampleMap ipsec-ike examplePolicy
ALU(config-crypto-map-exampleMap)#
T
O ATTACH MATCH-LIST TO A CRYPTO MAP
Note: If you try to attach a match-list to a crypto map that already has one, it overrides the
existing match-list provided it satisfies the match-list criteria for IPSec.
E
XAMPLE
ALU(config-crypto-map-exampleMap)# match matchlist1
ALU(config-crypto-map-exampleMap)# no match matchlist1
Command (in CM) Description
crypto map <name> ipsec-ike <ike-
policy name>} [force]
This command creates a crypto
map, and attaches an IKE policy to
it.
Enter the IKE policy name as
‘default’ to use the default IKE
policy.
Command (in Crypto Map CM) Description
match <match-list name> This command attaches a match-list to
a crypto map.
no match <match-list name> The ‘no’ command detaches the
specified match-list attached to a
crypto map.
To Next Page
Loading...
Need help?
General
