IP Security
<
map_name
<
acl_name
Tunnel Failover feature and match the crypto map to a previously defined crypto ACL. This is an optional
parameter.
<
group_name
the IPSec Tunnel Failover feature. This is an optional parameter. For more information, refer to the
IPSec Tunnel Fail-Over
For more information on parameters, refer to the Crypto Map ISAKMP Configuration Mode Commands chapter
in the Command Line Interface Reference.
Verifying the ISAKMP Crypto Map Configuration
These instructions are used to verify the ISAKMP crypto map configuration.
Step 1
Verify that your ISAKMP crypto map configurations by entering the following command in Exec Mode in specific
context:
show crypto map [ tag map_name | type ipsec-isakmp ]
This command produces an output similar to that displayed below that displays the configuration of a crypto map named
test_map2.
Map Name : test_map2
========================================
Payload :
crypto_acl2: permit tcp host 10.10.2.12 neq 35 any
Crypto map Type : ISAKMP
IKE Mode : MAIN
IKE pre-shared key : 3fd32rf09svc
Perfect Forward Secrecy : Group2
Hard Lifetime :
28800 seconds
4608000 kilobytes
Number of Transforms: 1
Transform : test1
AH : none
ESP: md5 3des-cbc
Encaps mode: TUNNEL
OL-25069-03
> is name by which the ISAKMP crypto map will be recognized by the system.
> is name of the pre-configured ACL. It is used for configurations not implementing the IPSec
> is name of the Crypto group configured in the same context. It is used for configurations using
section of this chapter.
Cisco ASR 5000 Series 3G Home NodeB Gateway Administration Guide ▄
ISAKMP Crypto Map Configuration ▀
Redundant
157