Crypto Ipv4-Acls - Cisco MDS 9000 Series Configuration Manual


Clearing IKE Tunnels or Domains
Step 5
switch(config-ike-ipsec)# no initiator version 1
Defaults to IKEv2 for all devices.
Clearing IKE Tunnels or Domains
If an IKE tunnel ID is not specified for the IKE configuration, you can clear all existing IKE domain connections
by issuing the clear crypto ike domain ipsec sa command in EXEC mode.
switch# clear crypto ike domain ipsec sa
Caution
When you delete all the SAs within a specific IKEv2 tunnel, then that IKE tunnel is automatically deleted.
If an SA is specified for the IKE configuration, you can clear the specified IKE tunnel ID connection by
issuing the clear crypto ike domain ipsec sa IKE_tunnel-ID command in EXEC mode.
switch# clear crypto ike domain ipsec sa 51
Caution
When you delete the IKEv2 tunnel, the associated IPsec tunnel under that IKE tunnel is automatically deleted.
Refreshing SAs
Use the crypto ike domain ipsec rekey IPv4-ACL-index command to refresh the SAs after performing
IKEv2 configuration changes.

Crypto IPv4-ACLs

IP access control lists (IPv4-ACLs) provide basic network security to all switches in the Cisco MDS 9000
Family. IPv4 IP-ACLs restrict IP-related traffic based on the configured IP filters. See
Access Control Lists for details on creating and defining IPv4-ACLs.
In the context of crypto maps, IPv4-ACLs are different from regular IPv4-ACLs. Regular IPv4-ACLs determine
what traffic to forward or block at an interface. For example, IPv4-ACLs can be created to protect all IP traffic
between subnet A and subnet Y or Telnet traffic between host A and host B.
This section contains the following topics:
About Crypto IPv4-ACLs
Crypto IPv4-ACLs are used to define which IP traffic requires crypto protection and which traffic does not.
Crypto IPv4-ACLs associated with IPsec crypto map entries have four primary functions:
Cisco MDS 9000 Series Security Configuration Guide, Release 8.x
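The difference between a regular IPv4-ACL and a crypto IPv4-ACL can be seen by evaluating the same entries in both roles. The sketch below is an added example, not code or configuration from the Cisco guide; the addresses, the `Entry` type and the verdict names are constructed for illustration, and it assumes first-match evaluation with wildcard masks, an implicit deny, and that `permit` selects traffic for crypto protection while `deny` leaves it unprotected.

```python
import ipaddress
from typing import NamedTuple

class Entry(NamedTuple):
    action: str    # "permit" or "deny"
    src: str
    src_wild: str  # wildcard mask: 1-bits are "don't care"
    dst: str
    dst_wild: str

def _match(addr: str, base: str, wild: str) -> bool:
    """Compare only the bits the wildcard mask marks as significant (0-bits)."""
    care = ~int(ipaddress.IPv4Address(wild)) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == (int(ipaddress.IPv4Address(base)) & care)

# Meaning of a first-match result in each role. Assumption (labelled in the
# lead-in): permit selects traffic for protection, deny leaves it unprotected.
VERDICTS = {
    "interface": {"permit": "forward", "deny": "block"},
    "crypto": {"permit": "protect", "deny": "no-crypto"},
}

def evaluate(acl, role, src, dst):
    """Return the verdict of the first matching entry for the given role."""
    for e in acl:
        if _match(src, e.src, e.src_wild) and _match(dst, e.dst, e.dst_wild):
            return VERDICTS[role][e.action]
    return VERDICTS[role]["deny"]  # implicit deny: nothing matched

# Constructed sample: subnet A = 10.1.1.0/24, subnet Y = 10.2.2.0/24,
# with one host in subnet A carved out by a more specific deny.
ACL = [
    Entry("deny", "10.1.1.50", "0.0.0.0", "10.2.2.0", "0.0.0.255"),
    Entry("permit", "10.1.1.0", "0.0.0.255", "10.2.2.0", "0.0.0.255"),
]
FLOWS = [
    ("10.1.1.7", "10.2.2.9"),   # subnet A -> subnet Y
    ("10.1.1.50", "10.2.2.9"),  # carved-out host -> subnet Y
    ("10.9.9.9", "10.2.2.9"),   # unrelated source, matches no entry
]

def report(acl=ACL, flows=FLOWS):
    """One row per flow: (src, dst, verdict as interface ACL, verdict as crypto ACL)."""
    return [(s, d, evaluate(acl, "interface", s, d), evaluate(acl, "crypto", s, d))
            for s, d in flows]

if __name__ == "__main__":
    for row in report():
        print("%-10s -> %-9s interface=%-8s crypto=%s" % row)
```

The second and third flows show why a crypto IPv4-ACL should be reviewed separately from interface filtering: a non-matching or denied flow in the crypto role is not dropped, it is simply not selected for IPsec.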
Configuring IPSec Network Security
About IPv4 and IPv6