Motorola WS5100 Series Cli Reference Manual page 267

inbound/outbound (ah|esp)
    Defines encryption keys for inbound/outbound traffic
    • ah – Authentication header protocol
    • <256-4294967295> – Security Parameter Index (SPI) for the security association
    • esp – Encapsulating security payload protocol
    • <256-4294967295> – Defines the security parameter index
    • cipher – Specify encryption/decryption key
    • authenticator <hex key data> – Specify an authentication key

transformset <name>
    Use the set transform-set command to assign a transform-set to a crypto map.

Usage Guidelines

WS5100(config-crypto-map)#set peer (name)
If no peer IP address is configured, the manual crypto map is not valid and not complete. A peer IP address is required for manual crypto maps. To change the peer IP address, the no set peer command must be issued first; then the new peer IP address can be configured.

WS5100(config-crypto-map)#set pfs
If left at the default setting, no perfect forward secrecy (PFS) is used during IPSec SA key generation. If PFS is specified, the specified Diffie-Hellman Group exchange is used for the initial (and all subsequent) key generation. This means there is no data linkage between prior keys and future keys.

WS5100(config-crypto-map)#set security-association lifetime (kilobytes|seconds)
Values can be entered in both kilobytes and seconds. Whichever limit is reached first ends the security association.

WS5100(config-crypto-map)#set session-key (inbound|outbound)(ah|esp)
WS5100(config-crypto-map)#set session-key (inbound|outbound) ah <hexkey data>
WS5100(config-crypto-map)#set session-key (inbound|outbound) esp <SPI> cipher <hexdata key> authenticator <hexkey data>
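
An added example (not from the Motorola manual): a Python check that audits manual ESP session-key lines, in the syntax shown on this page, before they are entered on the controller. The SPI range is the one given on the page; the repeated-byte and key-reuse checks, the function names and the sample keys are assumptions of this example.

```python
import re

# Syntax taken from the page:
#   set session-key (inbound|outbound) esp <SPI> cipher <hex> authenticator <hex>
ESP_RE = re.compile(
    r"set\s+session-key\s+(inbound|outbound)\s+esp\s+(\d+)"
    r"\s+cipher\s+(\S+)\s+authenticator\s+(\S+)\s*$"
)
SPI_MIN, SPI_MAX = 256, 4294967295  # SPI range stated on the page


def _key_problems(label, value):
    """Return findings for one hex key field."""
    if len(value) % 2 or not re.fullmatch(r"[0-9A-Fa-f]+", value):
        return [f"{label} key is not whole-byte hex"]
    if len(set(bytes.fromhex(value))) == 1:
        return [f"{label} key is a single repeated byte"]
    return []


def audit_manual_keys(config_text):
    """Audit ESP session-key lines; returns a sorted list of findings."""
    findings, seen = [], {}
    for line in config_text.splitlines():
        m = ESP_RE.search(line)
        if not m:
            continue
        direction, spi, cipher, auth = m.groups()
        if not SPI_MIN <= int(spi) <= SPI_MAX:
            findings.append(f"{direction}: SPI {spi} outside {SPI_MIN}-{SPI_MAX}")
        findings += [f"{direction}: {p}" for p in _key_problems("cipher", cipher)]
        findings += [f"{direction}: {p}" for p in _key_problems("authenticator", auth)]
        if cipher.lower() == auth.lower():
            findings.append(f"{direction}: cipher and authenticator keys are identical")
        seen[direction] = (cipher.lower(), auth.lower())
    # Hygiene check assumed by this example: each direction gets its own keys.
    if "inbound" in seen and "outbound" in seen and seen["inbound"] == seen["outbound"]:
        findings.append("inbound and outbound use the same key material")
    return sorted(findings)


# Constructed sample configuration (keys are made-up test values).
SAMPLE = """\
WS5100(config-crypto-map)#set session-key inbound esp 100 cipher 0000000000000000 authenticator 0000000000000000
WS5100(config-crypto-map)#set session-key outbound esp 300 cipher 1a2b3c4d5e6f7081 authenticator 9f8e7d6c5b4a39281716
"""

if __name__ == "__main__":
    for finding in audit_manual_keys(SAMPLE):
        print(finding)
```

Required key lengths depend on the transform-set in use, which this page does not list, so the check does not enforce them.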