Cisco SA-VAM - VPN Acceleration Module Installation And Configuration Manual page 51

VPN Acceleration Module 2+ (VAM2+) Installation and Configuration Guide

Chapter 4
Configuring the SA-VAM2+
OL-5979-03

Step 5
Command:
Router(config-crypto-m)# set session-key inbound ah spi hex-key-string
and
Router(config-crypto-m)# set session-key outbound ah spi hex-key-string
Purpose:
Sets the AH Security Parameter Indexes (SPIs) and keys to apply to inbound and outbound protected traffic if the specified transform set includes the AH protocol.
(This manually specifies the AH security association to be used with protected traffic.)

Step 6
Command:
Router(config-crypto-m)# set session-key inbound esp spi cipher hex-key-string [authenticator hex-key-string]
and
Router(config-crypto-m)# set session-key outbound esp spi cipher hex-key-string [authenticator hex-key-string]
Purpose:
Sets the ESP Security Parameter Indexes (SPIs) and keys to apply to inbound and outbound protected traffic if the specified transform set includes the ESP protocol. Specifies the cipher keys if the transform set includes an ESP cipher algorithm. Specifies the authenticator keys if the transform set includes an ESP authenticator algorithm.
(This manually specifies the ESP security association to be used with protected traffic.)

Step 7
Command:
Router(config-crypto-m)# exit
Purpose:
Exits crypto-map configuration mode and returns to global configuration mode.

To create crypto map entries that will use IKE to establish the security associations, use the following commands starting in global configuration mode:

Step 1
Command:
Router(config)# crypto map map-name seq-num ipsec-isakmp
Purpose:
Names the crypto map entry to create (or modify). This command puts you into the crypto map configuration mode.

Step 2
Command:
Router(config-crypto-m)# match address access-list-id
Purpose:
Names an extended access list. This access list determines which traffic should be protected by IPSec and which traffic should not be protected by IPSec security in the context of this crypto map entry.

Step 3
Command:
Router(config-crypto-m)# set peer {hostname | ip-address}
Purpose:
Specifies a remote IPSec peer. This is the peer to which IPSec protected traffic can be forwarded. Repeat for multiple remote peers.

Step 4
Command:
Router(config-crypto-m)# set transform-set transform-set-name1 [transform-set-name2...transform-set-name6]
Purpose:
Specifies which transform sets are allowed for this crypto map entry. List multiple transform sets in order of priority (highest priority first).

Step 5
Command:
Router(config-crypto-m)# set security-association lifetime seconds seconds
and
Router(config-crypto-m)# set security-association lifetime kilobytes kilobytes
Purpose:
(Optional) Specifies a security association lifetime for the crypto map entry. Use this command if you want the security associations for this crypto map entry to be negotiated using different IPSec security association lifetimes than the global lifetimes.
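
An added example, not part of the Cisco guide: a Python check over a saved configuration that groups crypto map entries, reports entries missing a command from Steps 2 to 4 of the IKE procedure, and counts manually keyed set session-key lines. The sample configuration (names, addresses, SPIs, keys) is constructed; `ipsec-manual` is the IOS keyword for manually keyed entries and is not shown on this page, and applying the same required-command check to manual entries is an assumption.

```python
import re

# Constructed sample config: names, addresses, SPIs and keys are placeholders.
SAMPLE_CONFIG = """\
crypto map BRANCH 10 ipsec-isakmp
 set peer 192.0.2.2
 set transform-set TS-AES
 set security-association lifetime seconds 3600
 match address 101
crypto map BRANCH 20 ipsec-manual
 set peer 192.0.2.9
 set session-key inbound esp 256 cipher 0123456789abcdef
 set session-key outbound esp 257 cipher fedcba9876543210
 set transform-set TS-DES
 match address 102
crypto map BRANCH 30 ipsec-isakmp
 set peer 192.0.2.20
 match address 103
"""

HEADER = re.compile(r"^crypto map (\S+) (\d+) (ipsec-isakmp|ipsec-manual)\b")
# Steps 2-4 of the IKE procedure; only the lifetime step is marked optional.
# Assumption: the same three commands are expected in manual entries too.
REQUIRED = ("match address", "set peer", "set transform-set")

def parse_crypto_maps(config):
    """Group indented sub-commands under their 'crypto map' entry header."""
    entries, current = [], None
    for line in config.splitlines():
        m = HEADER.match(line)
        if m:
            current = {"id": f"{m.group(1)} {m.group(2)}", "mode": m.group(3), "cmds": []}
            entries.append(current)
        elif current is not None and line.startswith(" "):
            current["cmds"].append(line.strip())
        else:
            current = None  # left the crypto map block
    return entries

def audit(entries):
    """Return (entry, finding) pairs for incomplete or manually keyed entries."""
    findings = []
    for e in entries:
        for cmd in REQUIRED:
            if not any(c.startswith(cmd + " ") for c in e["cmds"]):
                findings.append((e["id"], f"missing '{cmd}'"))
        keyed = sum(c.startswith("set session-key ") for c in e["cmds"])
        if keyed:
            findings.append((e["id"], f"{keyed} manual session-key line(s)"))
    return findings

if __name__ == "__main__":
    for entry, finding in audit(parse_crypto_maps(SAMPLE_CONFIG)):
        print(f"crypto map {entry}: {finding}")
```

Entries reported with manual session-key lines carry their AH or ESP keys in the configuration itself, so any saved copy of that configuration needs the same handling as the keys.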
