IP Security
Manual Crypto Map Configuration
This section provides instructions for configuring manual crypto maps on the system.
Important:
are not as secure as crypto maps that rely on dynamically configured keys. Therefore, it is recommended that they only
be configured and used for testing purposes.
Important:
system. For more information on commands that configure additional parameters and options, refer to the Context
Configuration Mode Commands and Crypto Map Manual Configuration Mode chapters in the Command Line Interface
Reference.
To configure the manual crypto maps for IPSec:
Step 1
Configure manual crypto map by applying the example configuration in the
Step 2
Verify your manual crypto map configuration by following the steps in the
Configuration
section.
Step 3
Save your configuration to flash memory, an external memory device, and/or a network location using the Exec mode
command
save configuration
System Administration Guide and the Command Line Interface Reference.
Configuring Manual Crypto Maps
Use the following example to create the manual crypto map on your system:
configure
context <ctxt_name>
crypto map <map_name> ipsec-manual
set peer <agw_address>
match address <acl_name> [ preference ]
set transform-set <transform_name>
set session-key { inbound | outbound } { ah <ah_spi> [ encrypted ] key <ah_key>
| esp <esp_spi> [ encrypted ] cipher <encryption_key> [ encrypted ] authenticator
<auth_key> }
end
Notes:
<
ctxt_name
OL-25069-03
Because manual crypto map configurations require the use of static security keys (associations), they
This section provides the minimum instruction set for configuring manual crypto maps on the
. For additional information on how to verify and save configuration files, refer to the
> is the system context in which you wish to create and configure the manual crypto maps.
Configuring Manual Crypto Maps
Verifying the Manual Crypto Map
Cisco ASR 5000 Series 3G Home NodeB Gateway Administration Guide ▄
Manual Crypto Map Configuration ▀
section.
161