Chapter6IPSecIPv4NetworkSafecommands
cryptomapisakmpdynamic
PurposeUsethiscommandtoapplydynamicpolicytothestaticpolicyset.
CommandModesGlobalconguration
Syntaxcryptomap<map-name><seq-number>isakmpdynamic
<dynamic-map-name>
nocryptomap<map-name><seq-number>isakmpdynamic
Syntax
Description
<dynamic-map-na
me>
Dynamicsecuritypolicysetname,string,less
than18characters
<map-name>
Securitypolicysetname,string,lessthan18
characters
<seq-number>Policysequencenumber ,range:1~65535
Instructions�Theplatformversion4.8.01andupgradeversionssupportthis
command.
�ItisimplementedmainlyonGARcurrently.
�Makesurethatthedynamicpolicysetandstaticpolicysethave
alreadybeencreatedbeforethiscommandisused.Theprior-
ityofthedynamicpolicysetisthelowestinthestaticpolicy
set(itmeansthatthecorrespondingsequencenumberofthe
dynamicpolicysetinthestaticpolicysetisthelargest).If
thesequencenumberofthestaticpolicysetislargerthanthat
ofthedynamicpolicyset,thenthecongurationgoeswrong.
Thenoformofthiscommandmeansremovingthedynamic
policysetfromthestaticpolicyset.
ExampleThisexampledescribeshowtocreateanIPSecsecuritypolicy
namedmymapandsetastaticmapbindingdynamicmaps.
ZXR10(config)#cryptomapmymap123isakmpdynamicdynmap
ZXR10(config-crypto-map)#showcrymapmymap123
CryptoMap“mymap“123ipsec-isakmp:
Peer:notconfigure
accesslist:notconfigure
Securityassociationlifetime:0kilobytes/28800seconds
DHgroup:none
pfslevel(None/key-identity):none
Transformsets:{
}
nesting:0
Dynamicmaptemplatetag:dynmap
ZXR10(config-crypto-map)#exit
ZXR10(config)#nocryptomapmymap123isakmpdynamic
ZXR10(config-crypto-map)#showcrymapmymap123
Related
Commands
cryptodynamic-map
cryptomap
showcryptomap
CondentialandProprietaryInformationofZTECORPORATION73
To Next Page
Loading...
