Concept Guide
Parameter Description Range Default
pre-connect
Enables or disables pre-connection. enable/
disable
disabled
set ike1-policy
<policy-v1-number>
Select an IKEv1 policy for the ipsec-map.
Predefined policies are described in the
table below.
— —
set ikev2-policy
<policy-v2-number>
Select IKEv2 policy for the ipsec-map.
Predefined policies are described in the
table below.
— —
set ca-certificate
<cacert-name>
User-defined name of a trusted CA
certificate installed in the controller. Use the
show crypto-local pki TrustedCA
command to display the CA certificates that
have been imported into the controller.
— —
set pfs
If you enable Perfect Forward Secrecy (PFS)
mode, new session keys are not derived
from previously used session keys.
Therefore, if a key is compromised, that
compromised key will not affect any
previous session keys. To enable this
feature, specify one of the following Perfect
Forward Secrecy modes:
l group1 : 768-bit Diffie Hellman prime
modulus group.
l group2: 1024-bit Diffie Hellman prime
modulus group.
l group14: 2048-bit Diffie Hellman prime
modulus group.
l group19: 256-bit random Diffie Hellman
ECP modulus group. (For IKEv2 only)
l group20: 384-bit random Diffie Hellman
ECP modulus group. (For IKEv2 only)
group1
group2
group14
group19
group20
disabled
set security-association
lifetime
Configures the lifetime for the security
association (SA).
set seconds <seconds>
In seconds
300-86400 7200
seconds
kilobytes <kilobytes>
In kilobytes
1000 -
1000000000
—
set server-certificate
<cert-name>
User-defined name of a server certificate
installed in the controller. Use the show
crypto-local pki ServerCert command to
display the server certificates that have
been imported into the controller.
— —
Dell Networking W-Series ArubaOS 6.5.x | Reference Guide crypto-local ipsec-map | 315