Motorola RFS7000 Reference Manual page 365

session-key
inbound/outbound
(ah|esp)
transformset <name>
Usage Guidelines
RFSwitch(config-crypto-map)#set peer (name)
If no peer IP address is configured, the manual crypto map is not valid and not complete.
A peer IP address is required for manual crypto maps. To change the peer IP address, the
no set peer command must be issued first; then the new peer IP address can be configured.
RFSwitch(config-crypto-map)#set pfs
If left at the default setting, no perfect forward secrecy (PFS) is used during IPSec SA key
generation. If PFS is specified, the specified Diffie-Hellman Group exchange is used for the
initial (and all subsequent) key generations. This means no data linkage between prior
keys and future keys.
RFSwitch(config-crypto-map)#set security-association lifetime
(kilobytes|seconds)
Use the set session-key command to define the encryption
and authentication keys for this crypto map
• inbound – Defines encryption keys for inbound traffic
• outbound – Defines encryption keys for outbound traffic
Defines encryption keys for inbound/outbound traffic
• ah – Authentication header protocol
• <256-4294967295> – Security Parameter
Index (SPI) for the security association
• esp – Encapsulating security payload protocol
• <256-4294967295> – Defines the security
parameter index
• cipher – Specify encryption/decryption
key
• authenticator <hex key data> – Specify
an authentication key
Use the set transform-set command to assign a transform-
set to a crypto map
Crypto-map Instance 10-13