Support User Manuals

Enterasys Networks XSR CLI Router User Manual

Open as PDF

of 684

Crypto Map Mode Commands

XSR CLI Reference Guide 14-113

Mode

CryptoMapconfiguration:XSR(config-crypto-m)#

Example

Thisexampledefinesatransform‐setandchangesthemodetotransportmode.Themodevalue

onlyappliestoIPtrafficwithsourceanddestinationaddressesatthelocalandremoteIPSecpeers.

XSR(config)#crypto ipsec transform-set newer esp-des esp-sha-hmc

XSR(config)crypto map ACMEmap 14

XSR(config-crypto-m)#mode transport

set peer

ThiscommandspecifiesanIPSecpeerinacryptomapentry.Whentrafficpassingthroughthe

interfacematchesacryptomapentry,atunnelisopenedtothepeerspecifiedbythiscommand.

Syntax

set peer ip-address

Syntax of the “no” Form

ToremoveanIPSecpeerfromacryptomapentry,usethenoformofthiscommand:

no set peer {hostname | ip-address}

Default

Nopeerisdefined

Mode

CryptoMapconfiguration:XSR(config-crypto-m)#

Example

ThisexampleshowsacryptomapconfigurationwhenIKEisusedtobuildSecurityAssociations.

Inthisexample,anSAcouldbesetupwitheithertheIPSecpeerat10.0.0.1orthepeerat10.0.0.2.

XSR(config)#crypto map ACMEmap 7 ipsec-isakmp

XSR(config-crypto-m)#match address 101

XSR(config-crypto-m)#set transform-set my_t_set1

XSR(config-crypto-m)#set peer 10.0.0.1

ip-address

SpecifiestheIPSecpeerbyitsIPaddress.

previous next