IP Security - Virtual Private Network
OmniAccess 5740 Unified Services Gateway CLI Configuration Guide
Alcatel-Lucent
The above can be achieved in the following way:
ALU(config)# match-list tunnel
ALU(config-match-list tunnel)# 1 ip prefix 10.91.0.0/24 prefix 10.0.0.0/24
ALU(config)# crypto map cryp-tunnel ipsec-ike default
ALU(config-crypto-map-cryp-tunnel)# match tunnel
ALU(config)# match-list nxt-tunnel
ALU(config-match-list nxt-tunnel)# 2 ip prefix 192.168.0.0/24 prefix 10.0.0.0/24
ALU(config)# crypto map cryp-nxt-tunnel ipsec-ike default
ALU(config-crypto-map-cryp-nxt-tunnel)# match nxt-tunnel
With respect to editing a match-list within a crypto map, consider the following
scenarios:
CASE (I) DELETION OF THE MATCH-LIST USED BY A CRYPTO MAP
A match-list cannot be deleted if it is attached to a crypto map.
CASE (II) DELETION OF THE RULE IN A MATCH-LIST USED BY A CRYPTO MAP
A rule in the match-list cannot be deleted if the match-list is attached to a crypto
map.
CASE (III) MODIFYING THE RULE WITHIN THE MATCH-LIST USED BY A CRYPTO MAP
If a rule in a match-list that is attached to a crypto map is modified, the
tunnel goes down and the SPD is modified. The tunnel comes up again for the
modified SPD. The modified rule should satisfy the IPsec match-list criteria.
CASE (IV) ADDING AN EXTRA RULE TO THE MATCH-LIST USED BY A CRYPTO MAP
An extra rule cannot be added to a match-list if it is attached to a crypto map.