HP ProCurve Secure Router 7203 dl Advanced Management And Configuration Manual page 479

16. You can associate the crypto map entry with the IKE policy configured
for the remote peer.
Syntax: ike-policy <policy number>
17. Assign up to six transform sets to the crypto map entry:
Syntax: set transform-set <setname1> [<setname2>] [<setname3>]
[<setname4>] [<setname5>] [<setname6>]
18. Apply the ACL to the crypto map entry:
Syntax: match address <ACL listname>
19. Set IPSec SA lifetime (unless accepting default). You can configure it in
kilobytes, seconds, or both:
Syntax: set security-association lifetime [kilobytes <kilobytes> | seconds <sec-
onds>]
20. If the router is connecting to more than one remote site, repeat steps 14
through 18 for each site. Use the same mapname for each entry, but a
different map index number. You can also configure a crypto map entry
to connect to mobile users. (See "Configuring a Client-to-Site VPN" on
page 8-94).
21. Exit to the global configuration mode context. Configure a remote ID list
that contains authentication information for remote peers. If you are using
preshared keys for authentication, associate the preshared key with the
peer. You can optionally associate a peer with the IKE policy and crypto
map entry that should be used with that peer.
For the remote ID, you can specify:
• IP address:
Syntax: crypto ike remote-id address <peer A.B.C.D> [preshared-key
<preshared key>] [ike-policy <policy number>] [crypto map <mapname>
<map sequence>]
• fully-qualified domain name (FQDN):
Syntax: crypto ike remote-id fqdn <peer FQDN> [preshared-key <preshared
key>] [ike-policy <policy number>] [crypto map <mapname> <map
sequence>]
• email address:
Syntax: crypto ike remote-id user-fqdn <peer email address> [preshared-
key <preshared key>] [ike-policy <policy number>] [crypto map <mapname>
<map sequence>]
Virtual Private Networks
Quick Start
8-93