About The Autopeer Option; Configuring The Autopeer Option - Cisco AP776A - Nexus Converged Network Switch 5020 Configuration Manual

Crypto IPv4-ACLs
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m

About the AutoPeer Option

Setting the peer address as auto-peer in the crypto map indicates that the destination endpoint of the
traffic should be used as the peer address for the SA. Using the same crypto map, a unique SA can be set
up at each of the endpoints in the subnet specified by the crypto map's IPv4-ACL entry. Auto-peer
simplifies configuration when traffic endpoints are IPsec capable. It is particularly useful for iSCSI,
where the iSCSI hosts in the same subnet do not require separate configuration.
Figure 37-7
option, only one crypto map entry is needed for all the hosts from subnet X to set up SAs with the switch.
Each host will set up its own SA, but will share the crypto map entry. Without the auto-peer option, each
host needs one crypto map entry.
See the
Figure 37-7

Configuring the AutoPeer Option

To configure the auto-peer option, follow these steps:
Command
Step 1
switch# config terminal
switch(config)#
Step 2
switch(config)# crypto map domain ipsec
SampleMap 31
ips-hac1(config-crypto-map-ip)#
Cisco MDS 9000 Family CLI Configuration Guide
37-26
shows a scenario where the auto-peer option can simplify configuration. Using the auto-peer
"Sample iSCSI Configuration" section on page 37-39
iSCSI with End-to-End IPsec Using the auto-peer Option
Subnet X
Host 2
Host 1
iPSEC
iPSEC
iPSEC
Host 3
iPSEC
Router
Purpose
Enters configuration mode.
Places you in the crypto map configuration mode for
the entry named SampleMap with 31 as its sequence
number.
Chapter 37 Configuring IPsec Network Security
for more details.
MDS A
OL-18084-01, Cisco MDS NX-OS Release 4.x