Creating Crypto Access Lists - Cisco SA-VAM - VPN Acceleration Module Installation And Configuration Manual

VPN Acceleration Module 2+ (VAM2+) Installation and Configuration Guide

Chapter 4
Configuring the SA-VAM2+
Configuration Tasks
OL-5979-03

Step 1
Command: Router# enable
Purpose: Enables privileged EXEC mode. Enter your password if prompted.

Step 2
Command: Router# configure terminal
Purpose: Enters global configuration mode.

Step 3
Command: Router(config)# crypto ipsec security-association lifetime seconds seconds
Purpose: Changes global lifetime values used when negotiating IPSec security associations (SAs). To reset a lifetime to the default value, use the no form of this command. Specifies the number of seconds a security association will live before expiring. The default is 3600 seconds (one hour).

Step 4
Command: Router(config)# crypto ipsec security-association lifetime kilobytes kilobytes
Purpose: Changes the global "traffic-volume" lifetime for IPSec SAs. Specifies the volume of traffic (in kilobytes) that can pass between IPSec peers using a given security association before that security association expires. The default is 4,608,000 kilobytes.

Step 5
Command: Router(config)# clear crypto sa
or
Router(config)# clear crypto sa peer {ip-address | peer-name}
or
Router(config)# clear crypto sa map map-name
or
Router(config)# clear crypto sa entry destination-address protocol spi
Purpose: (Optional) Clears existing security associations. This causes any existing security associations to expire immediately; future security associations will use the new lifetimes. Otherwise, any existing security associations will expire according to the previously configured lifetimes.
Note: Using the clear crypto sa command without parameters will clear out the full SA database, which will clear out active security sessions. You may also specify the peer, map, or entry keywords to clear out only a subset of the SA database. For more information, see the clear crypto sa command.

Creating Crypto Access Lists

Crypto access lists define which IP traffic will be protected by encryption. (These access lists are not the
same as regular access lists, which determine what traffic to forward or block at an interface.) For
example, access lists can be created to protect all IP traffic between Subnet A and Subnet Y or Telnet
traffic between Host A and Host B.
To create crypto access lists, use the following command in global configuration mode:
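An added example, not taken from the Cisco guide: an IOS fragment that sets both global SA lifetimes from the steps above and defines the two crypto access lists this section describes (Subnet A to Subnet Y, and Telnet from Host A to Host B). The addresses, the list numbers 101 and 102, and the lifetime values are constructed for illustration.

```ios
! Added example. All addresses are constructed (RFC 1918 / RFC 5737 ranges).
! Assumed topology: Subnet A = 10.0.1.0/24 behind this router,
!                   Subnet Y = 10.0.2.0/24 behind the peer,
!                   Host A   = 192.0.2.10, Host B = 198.51.100.20.
!
! Global SA lifetimes (Steps 3 and 4). An SA expires when either limit
! is reached, whichever comes first. Values here are half the defaults.
crypto ipsec security-association lifetime seconds 1800
crypto ipsec security-association lifetime kilobytes 2304000
!
! Crypto access list 101: protect all IP traffic from Subnet A to Subnet Y.
! In a crypto access list, "permit" selects traffic for IPSec protection.
! It does not decide whether the packet is forwarded or blocked; that is
! the job of a regular interface access list.
access-list 101 permit ip 10.0.1.0 0.0.0.255 10.0.2.0 0.0.0.255
!
! Crypto access list 102: protect only Telnet (TCP port 23) from Host A
! to Host B. Other traffic between the two hosts does not match this list.
access-list 102 permit tcp host 192.0.2.10 host 198.51.100.20 eq telnet
!
! The peer should carry the mirror image of each list, for example:
!   access-list 101 permit ip 10.0.2.0 0.0.0.255 10.0.1.0 0.0.0.255
!
! A crypto access list has no effect until a crypto map entry references
! it with "match address 101" (or 102).
!
! Checks after configuring (privileged EXEC mode):
!   show crypto ipsec security-association lifetime
!   show access-lists 101
!
! SAs that already exist keep their old lifetimes until they expire or are
! cleared (Step 5). Prefer a scoped clear, such as
!   clear crypto sa peer <peer-address>
! over a bare "clear crypto sa", which drops every active session.
```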
