ADTRAN 1000R Series Command Reference Manual page 377

Command Reference Guide
Global Configuration Mode Command Set
If no transform set or access list is configured for a crypto map, the entry is incomplete and will have no
effect on the system.
When you apply a crypto map to an interface (using the crypto map command within the interface's
mode), you are applying all crypto maps with the given map name. This allows you to apply multiple crypto
maps if you have created maps that share the same name but have different map index numbers.
Usage Examples
The following example creates a new IPSec IKE crypto map called testMap with a map index of 10:
(config)#crypto map testMap 10 ipsec-ike
(config-crypto-map)#
Technology Review
A crypto map entry is a single policy that describes how certain traffic is to be secured. There are two types
of crypto map entries: ipsec-manual and ipsec-ike. Each entry is given an index, which is used to sort the
ordered list. When a nonsecured packet arrives on an interface, the crypto map set associated with that
interface is processed in order. If a crypto map entry matches the nonsecured traffic, the traffic is
discarded.
When a packet is to be transmitted on an interface, the crypto map set associated with that interface is
processed in order. The first crypto map entry that matches the packet will be used to secure the packet. If
a suitable security association (SA) exists, that is used for transmission. Otherwise, IKE is used to
establish an SA with the peer. If no SA exists, and the crypto map entry is "respond only," the packet is
discarded.
When a secured packet arrives on an interface, its security parameter index (SPI) is used to look up an SA.
If an SA does not exist, or if the packet fails any of the security checks (bad authentication, traffic does not
match SA selectors, etc.), it is discarded. If all checks pass, the packet is forwarded normally.
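The three processing paths described above, written out as a small Python model. This is an added example, not ADTRAN code: the Entry class, the function names, the transform set names, the addresses and the SPI are all constructed for illustration. It assumes that selectors are written local-to-remote, and that outbound traffic matching no entry is sent unsecured.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass
class Entry:  # one crypto map entry (simplified model, hypothetical names)
    index: int
    selector: Optional[tuple] = None  # (local net, remote net): stands in for the access list
    transform_set: Optional[str] = None
    respond_only: bool = False
    def complete(self):
        # No transform set or no access list: the entry has no effect.
        return self.selector is not None and self.transform_set is not None
    def matches(self, local, remote):
        loc_net, rem_net = self.selector
        return ip_address(local) in ip_network(loc_net) and ip_address(remote) in ip_network(rem_net)

def first_match(entries, local, remote):
    # The set is processed in index order; the first complete match wins.
    for e in sorted(entries, key=lambda e: e.index):
        if e.complete() and e.matches(local, remote):
            return e
    return None

def outbound(entries, sas, src, dst):
    e = first_match(entries, src, dst)
    if e is None:
        return "forward-clear"  # assumption: unmatched traffic is not secured
    if any(sa.index == e.index for sa in sas.values()):
        return f"secure-with-sa:{e.index}"
    return "discard" if e.respond_only else f"ike-negotiate:{e.index}"

def inbound_clear(entries, src, dst):
    # Assumption: selectors are written local->remote, so inbound is compared mirrored.
    return "discard" if first_match(entries, dst, src) else "forward"

def inbound_secured(sas, spi, src, dst, auth_ok):
    sa = sas.get(spi)  # SA lookup by SPI
    if sa is None or not auth_ok or not sa.matches(dst, src):
        return "discard"
    return "forward"

# Constructed sample: three entries under one map name; index 5 is incomplete.
TESTMAP = [
    Entry(20, ("10.1.0.0/16", "10.2.0.0/16"), "ts-a", respond_only=True),
    Entry(10, ("10.1.1.0/24", "10.2.1.0/24"), "ts-b"),
    Entry(5, ("10.1.0.0/16", "10.2.0.0/16"), None),
]
SAS = {0x1001: TESTMAP[1]}  # constructed SPI mapped to entry 10
```

Entry 5 sorts first but is skipped as incomplete, so traffic between the two /24 networks is handled by entry 10 and the remaining /16 traffic falls through to the respond-only entry 20.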
61200510L1-35E
Copyright © 2005 ADTRAN
377