Users Guide
Parameter Description Range Default
l group1 : 768-bit Diffie Hellman prime
modulus group.
l group2: 1024-bit Diffie Hellman
prime modulus group.
l group14: 2048-bit Diffie Hellman
prime modulus group.
l group19: 256-bit random Diffie
Hellman ECP modulus group. (For
IKEv2 only)
l group20: 384-bit random Diffie
Hellman ECP modulus group. (For
IKEv2 only)
set security-association lifetime
Configures the lifetime for the security
association (SA).
set seconds <seconds>
In seconds 300-86400 7200
seconds
kilobytes <kilobytes>
In kilobytes 1000 -
1000000000
—
set server-certificate
<cert-name>
User-defined name of a server
certificate installed in the controller. Use
the show crypto-local pki ServerCert
command to display the server
certificates that have been imported into
the controller.
— —
set transform-set
<name1>
Name of the transform set for this IPsec
map. One transform set name is
required, but you can specify up to four
transform sets. Configure transform sets
with the crypto ipsec transform-set
command.
— default-
transfor
m
src-net <ipaddr>
<mask>
IP address and netmask for the source
network.
— —
trusted
Enables or disables a trusted tunnel. enable/
disable
disabled
version v1|v2
Select the IKE version for the IPsec map.
l v1: IKEv1
l v2: IKEv2
v1
vlan <vlan>
VLAN ID. Enter 0 for the loopback. 1-4094 —
Usage Guidelines
You can use controllers instead of VPN concentrators to connect sites at different physical locations.
Dell Networking W-Series ArubaOS 6.4.x | User Guide crypto-local ipsec-map | 330