Support User Manuals

Enterasys Networks XSR CLI Router User Manual

Open as PDF

of 684

Interface VPN Commands

14-122 Configuring the VPN

crypto ezipsec

ThiscommandcreatesasuiteofIPSecpolicies,sortedbycryptograp hicstrength,thatareoffered

totheremotesecuritygateway.Thegatewayselectsoneofthesepoliciesbasedonitslocal

configuration.EZ‐IPSecreliesupontheIKEModeConfigurationprotocoltoobtainan IPaddress

fromtheremotesecuritygateway.

AnEZ‐IPSeccryptomapisalsocreatedandattachedtotheinterfaceunderconfiguration.Referto

theXSRUser’sGuideforspecificexamplesandhow

crypto ezipsecisusedwithRIPandNAT. 

Beawareofthefollowingrulesgoverningthiscommand:

•

Crypto ezipsecmaynotbeenabledonaninterfacethatalreadyhasacryptomap.

•Cryptomapsmaybeattachedtoothernetworkinterfaces.

•EZ‐IPSecparameterscannotbechangedbutcanbesupplementedwithcustomvalues.

Syntax

crypto ezipsec

Syntax of the “no” Form

no crypto ezipsec

Default

Disabled

Mode

Interfaceconfiguration:XSR(config-if<xx>)#

Example

ThefollowingexampleconfiguresEZ‐IPSeconSerialinterface 1:

XSR(config-if<S1/0>)#crypto ezipsec

Interface VPN Commands

interface vpn

ThiscommandacquiresvirtualInterfaceVPNconfigurationmodefromwhichyoucanconfigure

thefollowingsub‐commands:

•

copy-tos‐CopiesTOSbitsduringtheencapsulation/decapsulationprocess.Referto

page14‐124forthecommanddefinition.

•

description -DescribestheVPNinterface.Refertopage14‐125forthecommand

definition.

•

ip address negotiated - Requiresasite‐to‐sitetunneltoobtainanIPaddressfromthe

remotetunnelgatewayviaPPPorIKEModeConfig.Refertopage14‐126forthecommand

definition.

previous next