Support User Manuals

Enterasys Networks XSR CLI Router User Manual

Open as PDF

of 684

Crypto Map Mode Commands

14-114 Configuring the VPN

set security-association level per-host

ThiscommandspecifiesthatseparateIPSecSecurityAssociations(SAs)shouldberequestedfor

eachsource/destinationhostpair.

Syntax

set security-association level per-host

Syntax of the “no” Form

ThenoformspecifiesthatoneSAshouldberequestedforeachcryptomapACLpermitentry.

no set security-association level per-host

Default

Foragivencryptomap,alltrafficbetweentwoIPSecpeersmatchingasinglecryptomapACL

permitentrywillsharethesameSA.

Mode

CryptoMapconfiguration:XSR(config-crypto-m)#

Example

ThefollowingexamplesetstheSArequestonaper‐hostbasis:

XSR(config)crypto map ACMEmap

XSR(config-crypto-m)#set security-association level per-host

set transform-set

Thiscommandspecifieswhichtransform‐setscanbeusedwiththecryptomapentry.

Syntax

set transform-set transform-set-name1 [transform-set-name2...transform-set-name6]

Syntax of the “no” Form

Thenoformofthiscommandremovesalltransform‐setsfromacryptomapentry:

no set transform-set

Mode

CryptoMapconfiguration:XSR(config-crypto-m)#

transform-set-name

Nameofthetransform‐set.Upto6canbespecified.

previous next