Crypto Map Mode Commands
14-114 Configuring the VPN
set security-association level per-host
ThiscommandspecifiesthatseparateIPSecSecurityAssociations(SAs)shouldberequestedfor
eachsource/destinationhostpair.
Syntax
set security-association level per-host
Syntax of the “no” Form
ThenoformspecifiesthatoneSAshouldberequestedforeachcryptomapACLpermitentry.
no set security-association level per-host
Default
Foragivencryptomap,alltrafficbetweentwoIPSecpeersmatchingasinglecryptomapACL
permitentrywillsharethesameSA.
Mode
CryptoMapconfiguration:XSR(config-crypto-m)#
Example
ThefollowingexamplesetstheSArequestonaper‐hostbasis:
XSR(config)crypto map ACMEmap
XSR(config-crypto-m)#set security-association level per-host
set transform-set
Thiscommandspecifieswhichtransform‐setscanbeusedwiththecryptomapentry.
Syntax
set transform-set transform-set-name1 [transform-set-name2...transform-set-name6]
Syntax of the “no” Form
Thenoformofthiscommandremovesalltransform‐setsfromacryptomapentry:
no set transform-set
Mode
CryptoMapconfiguration:XSR(config-crypto-m)#
transform-set-name
Nameofthetransform‐set.Upto6canbespecified.