Version 7.2 759 Mediant MSBR
Reference Guide 76 Security
(config-crypto-map)# set peer <peer-ip>
(config-crypto-map)# set transform-set <set-name>
(config-crypto-map)# set pfs {group1|group2|group5|same}
(config-crypto-map)# set security-association lifetime seconds <#>
(config-crypto-map)# match address <acl-name>
Command          Description
peer-ip          Specifies an IPSec peer in a crypto map entry.
set-name         Specifies which transform sets can be used with the crypto
                 map entry. The set-name is compared with the prefix of all
                 transform sets.
group1|group2|   Specifies that IPSec should ask for PFS when requesting
group5|same      new SAs for this crypto map entry, or that IPSec requires
                 PFS when receiving requests for new SAs:
                 • group1 - Diffie-Hellman group 1
                 • group2 - Diffie-Hellman group 2
                 • group5 - Diffie-Hellman group 5
                 • same - Same Diffie-Hellman group as phase 1
#                Specifies the lifetime of an IPSec SA, in seconds.
acl-name         Specifies an extended access list for a crypto map entry.
                 Only the first entry in the access list will be considered.
Default
IPSec SA lifetime default is 28800 seconds.
Command Mode
The crypto map is defined in enabled configuration mode.
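The PFS and lifetime settings described above can be reviewed mechanically in a saved configuration. The following Python script is an added example, not AudioCodes code: it assumes the configuration is available as text in the syntax shown on this page, the sample names and addresses are constructed, and the modulus sizes come from RFC 2409 and RFC 3526 rather than from this guide.

```python
import re

# Modulus sizes of the MODP groups named above (RFC 2409, RFC 3526).
DH_BITS = {"group1": 768, "group2": 1024, "group5": 1536}
DEFAULT_LIFETIME = 28800  # seconds, the default stated on this page
LIFETIME = "set security-association lifetime seconds"
SETTING = re.compile(
    rf"(set peer|set transform-set|set pfs|{LIFETIME}|match address) (\S+)$")

# Constructed sample: names and addresses are hypothetical.
SAMPLE = """\
(config data)# crypto map LAN_VPN 20 ipsec-isakmp
(config-crypto-map)# set peer 192.0.2.10
(config-crypto-map)# set transform-set TS_EXAMPLE
(config-crypto-map)# set pfs group1
(config-crypto-map)# set security-association lifetime seconds 86400
(config-crypto-map)# match address ACL_EXAMPLE
(config data)# crypto map LAN_VPN 30 ipsec-isakmp
(config-crypto-map)# set peer 192.0.2.20
"""

def parse_crypto_maps(text):
    """Return {(map_name, sequence): {command: value}} per crypto map entry."""
    maps, current = {}, None
    for raw in text.splitlines():
        line = re.sub(r"^\([^)]*\)#\s*", "", raw.strip())  # drop the CLI prompt
        head = re.match(r"crypto map (\S+) (\d+) ipsec-isakmp$", line)
        setting = SETTING.match(line)
        if head:
            current = maps.setdefault((head.group(1), int(head.group(2))), {})
        elif setting and current is not None:
            current[setting.group(1)] = setting.group(2)
    return maps

def audit(maps):
    """Return (entry, note) pairs describing each entry's PFS and SA lifetime."""
    findings = []
    for (name, seq), cfg in sorted(maps.items()):
        entry, pfs = f"{name} {seq}", cfg.get("set pfs")
        if pfs in DH_BITS:
            findings.append((entry, f"PFS uses {pfs}, a {DH_BITS[pfs]}-bit MODP group"))
        elif pfs == "same":
            findings.append((entry, "PFS group is taken from phase 1"))
        else:
            findings.append((entry, "no valid 'set pfs' line"))
        life = cfg.get(LIFETIME, str(DEFAULT_LIFETIME))
        if life.isdigit() and int(life) > DEFAULT_LIFETIME:
            findings.append((entry, f"SA lifetime {life}s is above the {DEFAULT_LIFETIME}s default"))
    return findings
```

Calling `audit(parse_crypto_maps(SAMPLE))` returns one note per finding; an entry that uses `same` has to be reviewed together with its phase 1 settings.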
Example
This example demonstrates how to configure a crypto map:
(config data)# crypto map LAN_VPN 20 ipsec-isakmp