Specifications
Chapter 11 Configuring Encryption Services
Configuring the Encryption Service Adapter
11-6
Catalyst 4224 Access Gateway Switch Software Configuration Guide
OL-2031-02
Step 4
Create a crypto map
3
denoted by map-name. Enter
crypto map configuration mode, unless you use
the dynamic keyword.
seq-num is the number you assign to the crypto
map entry.
ipsec-isakmp indicates that IKE will be used to
establish the IPSec security associations for
protecting the traffic specified by this crypto map
entry.
dynamic is an optional argument specifying that
this crypto map entry references a preexisting
dynamic crypto map. Dynamic crypto maps are
policy templates used in processing negotiation
requests from a peer IPSec device. If you use this
keyword, none of the crypto map configuration
commands will be available.
dynamic-map-name specifies the name of the
dynamic crypto map set that should be used as the
policy template.
Gateway(config)# crypto map map_name
seq_num ipsec-isakmp [dynamic
dynamic_map_name] [discover]
Step 5
Specify the same remote IPSec peer that you
specified in Step 4 in the previous procedure,
“Step 2: Configure the Internet Key Exchange
Security Protocol” section on page 11-3.
Gateway(config-crypto map)# set peer
hostname|ip_address
Step 6
For this crypto map entry, specify the same
transform set that you specified in Step 2 of this
procedure.
Gateway(config-crypto map)# set
transform-set transform_set_name
Step 7
Specify an extended access list for a crypto map
entry. This value should match the
access-list-number or name argument of the
extended access list.
Gateway(config-crypto map)# match
address [access_list_id | name]
Task Command