Table of Contents
Advertisement
crypto-local ipsec-map
crypto-local
crypto-local ipsec-map <map> <priority>
dst-net <ipaddr> <mask>
force-natt
no ...
local-fqdn <local_id_fqdn>
peer-cert-dn <peer-dn>
peer-fqdn any-fqdn|{peer-fqdn <peer-id-fqdn>}
peer-ip <ipaddr>
pre-connect {disable|enable}
set ca-certificate <cacert-name>
set pfs {group1|group2|group19|group20}
set security-association lifetime seconds <seconds>
set server-certificate <cert-name>
set transform-set <name1> [<name2>] [<name3>] [<name4>]
src-net <ipaddr> <mask>
trusted {disable|enable}
version v1|v2
vlan <vlan>
Description
This command configures IPsec mapping for site-to-site VPN.
Syntax
Parameter
<map>
<priority>
dst-net
force-natt
no
local-fqdn <local_id_fqdn>
peer-cert-dn <peer-dn>
peer-ip <ipaddr>
Dell PowerConnect W-Series ArubaOS 6.2 | Reference Guide
Description
Name of the IPsec map.
Priority of the entry.
IP address and netmask for the
destination network.
Include this parameter to always enforce
UDP 4500 for IKE and IPsec. This option
is disabled by default.
Negates a configured parameter.
If the local controller has a dynamic IP
address, you must specify the fully
qualified domain name (FQDN) of the
controller to configure it as a initiator of
IKE aggressive-mode.
If you are using IKEv2 to establish a site-
to-site VPN to a statically addressed
remote peer, identify the peer device by
entering its certificate subject name in
the Peer Certificate Subject Name field
If you are using IKEv1 to establish a site-
Rang-
Default
e
—
—
1-9998
—
—
—
—
—
—
—
—
—
crypto-local ipsec-map | 217
Advertisement
Table of Contents
