Table of Contents
Advertisement
Command Reference Guide
commit-bit
Use the commit-bit command to set the commit-bit in the Internet Security Association and Key
Management Protocol (ISAKMP) header when sending the second message of quick mode on an IPSec
tunnel negotiation. Use the no form of this command to disable this feature.
Syntax Description
No subcommands.
Default Values
By default, the commit-bit will be used.
Command History
Release 12.1
Functional Notes
As an extra security measure, the commit-bit can be set by the responder of a quick mode negotiation to
force the initiator to wait for the fourth message of quick mode before bringing up its IPSec security
associations (SAs). By default, this feature is enabled on all AOS products with virtual private network
(VPN) capabilities. Some vendors, however, may have incorrect implementations of the commit-bit that do
not interoperate well with AOS products. In that case, the commit-bit should be disabled on all crypto maps
that have a peer that does not support the commit-bit.
Usage Examples
The following example disables the use of commit-bit:
(config)#crypto map MyMap 100 ipsec-ike
(config-crypto-map)#no commit-bit
The following example displays a configuration with the commit-bit disabled:
ip crypto
!
crypto ike-policy 100
initiate main
respond main
local-id address 10.10.10.1
peer 192.168.1.1
attribute 2
encryption aes-256-cbc
authentication pre-share
lifetime 3600
!
60000CRG0-35E
Command was introduced.
Copyright © 2012 ADTRAN, Inc.
Crypto Map IKE Command Set
3918
Advertisement
Table of Contents
