Support User Manuals

Enterasys Networks XSR CLI Router User Manual

Open as PDF

of 684

Crypto Map Mode Commands

14-112 Configuring the VPN

Syntax of the “no” Form

UsethenoformtoremovetheACLfromacryptomapentry:

no match address [access-list-id]

Default

Noaccesslistsarematchedtothecryptomapentry.

Mode

CryptoMapconfiguration: XSR(config-crypto-m)#

Example

Thefollowingstaticcryptomapexampleshowstheminimumrequiredcryptomapconfiguration

whenIKEwillbeusedtoestablishtheSAs:

XSR(config)#crypto map ACMEmap 7 ipsec-isakmp

XSR(config-crypto-m)#match address 101

XSR(config-crypto-m)#set transform-set my_t_set1

XSR(config-crypto-m)#set peer 10.0.0.1

mode

ThiscommandselectsoneoftwoIPSec‐definedencapsulationmodes,tunnelortransport,fora

transform‐set.Tunnelmode,thedefault,typicallyisusedwithVPNsbecausetheentireprivate

networkpacketiscarriedasthepayloadoftheIPSecpacket.Transportmodecarriesonlythe

payload(TCPorUDPtypically)

oftheprivatenetworkpacketasthepayloadoftheIPSecpacket.

Syntax

mode [tunnel | transport]

Syntax of the “no” Form

Thenoformofthiscommandresetsthemodetothedefault:

no mode

Default

Tunnelmode

access-list-id

IdentifiestheextendedACLbyitsnumber.Thisvalueshouldmatch

theaccess‐list‐numberargumentoftheACLbeingmatched.

Note: Transport mode must be selected for a Windows L2TP/IPSec client to operate properly.

tunnel

Tunnelmode.

transport

Transportmode.

previous next