EasyManua.ls Logo

Cisco 2901 - Configure the Ipsec Crypto Method and Parameters

Cisco 2901
408 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Loading...
141
Cisco 3900 Series, Cisco 2900 Series, and Cisco 1900 Series Integrated Services Routers Generation 2 Software Configuration Guide
Chapter Configuring Security Features
Configuring VPN
Configure the IPSec Crypto Method and Parameters
A dynamic crypto map policy processes negotiation requests for new security associations from remote
IPSec peers, even if the router does not know all the crypto map parameters (for example, IP address).
To configure the IPSec crypto method, follow these steps, beginning in global configuration mode.
SUMMARY STEPS
1. crypto dynamic-map dynamic-map-name dynamic-seq-num
2. set transform-set transform-set-name [transform-set-name2...transform-set-name6]
3. reverse-route
4. exit
5. crypto map map-name seq-num [ipsec-isakmp] [dynamic dynamic-map-name] [discover]
[profile profile-name]
DETAILED STEPS
Command or Action Purpose
Step 1
crypto dynamic-map dynamic-map-name
dynamic-seq-num
Example:
Router(config)# crypto dynamic-map dynmap 1
Router(config-crypto-map)#
Creates a dynamic crypto map entry and enters
crypto map configuration mode.
See Cisco IOS Security Command Reference for
more detail about this command.
Step 2
set transform-set transform-set-name
[transform-set-name2...transform-set-name6]
Example:
Router(config-crypto-map)# set
transform-set vpn1
Router(config-crypto-map)#
Specifies which transform sets can be used with
the crypto map entry.
Step 3
reverse-route
Example:
Router(config-crypto-map)# reverse-route
Router(config-crypto-map)#
Creates source proxy information for the crypto
map entry.
See Cisco IOS Security Command Reference for
details.

Table of Contents

Related product manuals