Manual
SecGW Service Creation
Crypto Templates ▀
SecGW Administration Guide, StarOS Release 17 ▄
31
You must create a crypto template before creating the WSG service that enables the SecGW.
Important: Refer to the IPSec Reference for comprehensive information regarding the creation of crypto
templates.
A sample crypto template is shown below. It represents the output of the show crypto template tag template_name
command.
Map Name: cryptotmplt01
=========================================
Map Status: Complete
Crypto Map Type: IPSEC IKEv2 Template
IKE SA Transform 1/1
Transform Set: ikesa-cryptotmplt01
Encryption Cipher: aes-chc-128
Pseudo Random Function: sha1
Hashed Message Authentication Code: sha1-96
Diffie-Hellman Group: 2
IKE SA Rekey: Disabled
Blacklist/Whitelist : None
OCSP Status: : Disabled
OCSP Nounce Status : Enabled
NAI: 99.99.99.30
Remote-secret-list: <not configured>
Authentication Local:
Phase 1 - Pre-Shared Key (Size = 3)
Self-certificate Validation: Disabled
IPSec SA Payload 1/1 (Generic)
Name : cryptotmplt01-sa0
Payload Local
Protocol 255 Port 0-0 Address Range 67.67.0.1-67.67.0.1
Payload Remote
Protocol 255 Port 0-0 Address Range 45.45.0.1-45.45.0.1
IPSec SA Transform 1/1
Transform Set: tselsa-cryptotmplt01
Protocol: esp
Encryption Cipher: aes-cbc-128
Hashed Message Authentication Code: sha1-96
Diffie-Hellman Group: none
IPSec SA Rekey: Enabled