Switch Security
6-62
c. Use the None, Domain Name or Host Name radio buttons to select and enter the fully
qualified domain or host name of the host exchanging identity information.
d. Define a SA Lifetime (secs) to define an interval (in seconds) that (when expired) forces a new
association negotiation.
e. Define a SA Lifetime (Kb) to time out the security association after the specified amount of
traffic (in kilobytes) has passed through the IPSec tunnel using the security association.
f. Use the ACL ID drop-down menu to permit a Crypto Map data flow using the permissions within
the selected ACL.
g. Use the PFS drop-down menu to specify a group to require perfect forward secrecy (PFS) in
requests received from the peer.
h. Use the Remote Type drop-down menu to specify a remote type of either XAuth or L2TP.
i. Use the Mode drop-down menu to specify a mode of Main or Aggressive. Aggressive mode
enables you to configure pre-shared keys as Radius tunnel attributes for IP Security (IPSec) peers.
j. Optionally select the SA Per Host checkbox to specify that separate IPSec SAs should be
requested for each source/destination host pair.
k. Optionally select the Mode Config checkbox to allow the new Crypto Map to be implemented
using the aggressive mode (if selected from the Mode drop-down menu).
l. Refer to the Peers (add choices) field to select and use the Add and Delete buttons as
necessary to add or remove existing peers to the Crypto Map. For information on adding or
modifying peers, see Crypto Map Peers on page 6-62.
m. Refer to the Transform Sets (select one) field to select and assign a transform set for v with
Crypto Map. Again, a transform set represents a combination of security protocols and
algorithms. During the IPSec security association negotiation, peers agree to use a particular
transform set for protecting data flow.
7. Click OK to save the new Crypto Map and display it within the Crypto Map tab.
6.8.4.2 Crypto Map Peers
To review, revise or add Crypto Map peers:
1. Select Security > IPSec VPN from the main menu tree.
To Next Page
Loading...
Need help?
General
