Activating IPSec To A Remote Peer - Motorola WS5100 Series Migration Guide

11-10 WS5100 Series Switch Migration Guide
You can create a Crypto Map Set if:
• A connection is required for multiple remote peers OR
• Different types of protection are required to the same peer
A crypto map entry has a sequence number associated with it.
Follow the CLI commands below to create a Crypto Map:
1. Create a crypto map with sequence number 10 for remote peer 10.1.1.103 using IKE.
WS5100(config)# crypto map Test1 10 ipsec-isakmp
2. Configure the remote peer address.
WS5100(config-crypto-map)# set peer 10.1.1.103
3. Specify the Crypto ACL to use.
WS5100(config-crypto-map)# match address 101
4. Define the transform set for the data traffic.
WS5100(config-crypto-map)# set transform-set transform1
To create multiple crypto maps, follow the CLI commands below:
1. Create another crypto map with sequence number 20 for remote peer 10.1.1.103 using IKE.
WS5100(config)# crypto map Test2 20 ipsec-isakmp
2. Configure the remote peer address.
WS5100(config-crypto-map)# set peer 10.1.1.103
3. Specify the Crypto ACL to use.
WS5100(config-crypto-map)# match address 101
4. Define the transform set for the data traffic.
WS5100(config-crypto-map)# set transform-set transform2

11.3.6 Activating IPSec to a Remote Peer

A crypto map set must be applied to a VLAN interface so that IKE and IPSec SAs can be applied to traffic
that matches the Crypto ACL.
If no crypto map set is applied to an interface, the interface allows both incoming and outgoing traffic
by default. If a crypto map is applied and traffic does not match the ACL, that traffic is passed as
plaintext packets.
To apply the crypto map to an interface, follow the CLI commands below:
1. Create an interface.
WS5100(config)# interface vlan1
2. Assign the crypto map to the interface.
WS5100(config-if)# crypto map Test1
NOTE: For site-to-site VPN, the interface on which the crypto map is applied should represent
the WAN subnet. For remote VPN, the interface should represent the local subnet.
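
An added example, not part of the Motorola guide: a Python check that reads a configuration listing and reports crypto map entries missing a peer, Crypto ACL or transform set, crypto maps never applied to an interface, and interfaces that name an undefined map. The listing is constructed from the commands in this guide, and the check assumes a saved configuration shows those same command lines.

```python
import re

# Constructed listing built from the commands in this guide. Assumption: a saved
# configuration shows the same command lines that are typed at the CLI.
SAMPLE_CONFIG = """\
crypto map Test1 10 ipsec-isakmp
 set peer 10.1.1.103
 match address 101
 set transform-set transform1
crypto map Test2 20 ipsec-isakmp
 set peer 10.1.1.103
 match address 101
interface vlan1
 crypto map Test1
interface vlan2
 crypto map Test3
"""

REQUIRED = ("set peer", "match address", "set transform-set")

def audit_crypto_maps(config_text):
    """Return findings about crypto map entries and their interface bindings."""
    entries, applied, ctx = {}, {}, None  # (name, seq) -> cmds; interface -> map name
    for raw in config_text.splitlines():
        line = raw.strip()
        definition = re.fullmatch(r"crypto map (\S+) (\d+) \S+", line)
        interface = re.fullmatch(r"interface (\S+)", line)
        binding = re.fullmatch(r"crypto map (\S+)", line)
        if definition:
            ctx = ("map", (definition[1], int(definition[2])))
            entries[ctx[1]] = []
        elif interface:
            ctx = ("if", interface[1])
        elif binding and ctx and ctx[0] == "if":
            applied[ctx[1]] = binding[1]
        elif line and ctx and ctx[0] == "map":
            entries[ctx[1]].append(line)
    findings = []
    for (name, seq), cmds in entries.items():
        for req in REQUIRED:
            if not any(c.startswith(req + " ") for c in cmds):
                findings.append(f"{name} {seq}: missing '{req}'")
    defined = {name for name, _ in entries}
    for name in sorted(defined - set(applied.values())):
        findings.append(f"{name}: defined but not applied to any interface")
    for iface, name in sorted(applied.items()):
        if name not in defined:
            findings.append(f"{iface}: applies undefined crypto map {name}")
    return findings
```

A map reported as not applied creates no IKE or IPSec SA, so traffic its Crypto ACL was meant to protect follows the interface default described above.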
