Crypto IPv4-ACLs
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m
You see more columns shown in
Figure 44-26
Double-click and modify the value in the Life Time(sec) column.
Step 4
Click Apply Changes to save your changes.
Step 5
About the AutoPeer Option
Setting the peer address as AutoPeer in the crypto map indicates that the destination endpoint of the
traffic should be used as the peer address for the SA. Using the same crypto map, a unique SA can be set
up at each of the endpoints in the subnet specified by the crypto map's IPv4-ACL entry. Auto-peer
simplifies configuration when traffic endpoints are IPsec capable. It is particularly useful for iSCSI,
where the iSCSI hosts in the same subnet do not require separate configuration.
Figure 44-27
auto-peer option, only one crypto map entry is needed for all the hosts from subnet X to set up SAs with
the switch. Each host will set up its own SA, but will share the crypto map entry. Without the auto-peer
option, each host needs one crypto map entry.
Cisco MDS 9000 Family CLI Configuration Guide
44-32
Figure
Existing Crypto Maps - Rightmost Columns
shows a scenario where the auto-peer option can simplify configuration. Using the
Chapter 44
44-26.
OL-16184-01, Cisco MDS SAN-OS Release 3.x
Configuring IPsec Network Security