Motorola WS5100 Series Reference Manual page 329

e. Define a SA Lifetime (Kb)
has passed through the IPSec tunnel using the security association.
f. Use the ACL ID
selected ACL.
g. Use the PFS
received from the peer.
h. Use the Remote Type
i. Use the Mode
enables you to configure pre-shared keys as Radius tunnel attributes for IP Security (IPSec) peers.
j. Optionally select the
for each source/destination host pair.
k. Optionally select the
the aggressive mode (if selected from the Mode drop-down menu).
l. Refer to the
or remove existing peers. For information on adding or modifying peers, see
Crypto Map Peers on page
m. Refer to the
Crypto Map. Again, a transform set represents a combination of security protocols and algorithms.
During the IPSec security association negotiation, peers agree to use a particular transform set for
protecting data flow.
7. Click OK to save the new Crypto Map and display it within the Crypto Map tab.
6.8.4.2 Crypto Map Peers
To review, revise or add Crypto Map peers:
1. Select Security
to time out the security association after the specified traffic (in kilobytes)
drop-down menu to permit a Crypto Map data flow using the permissions within the
drop-down menu to specify a group to require perfect forward secrecy (PFS) in requests
drop-down menu to specify a remote type (either
drop-down menu to specify a mode of
SA Per Host checkbox to specify that separate IPSec SAs should be requested
Mode Config checkbox to allow the new Crypto Map to be implemented using
Peers (add choices) field and use the Add and Delete functions as necessary to add
6-59.
Transform Sets (select one)
> IPSec VPN from the main menu tree.
Main or Aggressive. Aggressive mode
field to select and assign a transform set for v with
6-59
Switch Security
XAuth or L2TP).