Command Reference Guide
SROS Command Line Interface Reference Guide Crypto Map IKE Command Set
5991-2114 © Copyright 2005 Hewlett-Packard Development Company, L.P. 399
match address <listname>
Use the match address command to assign an IP access-list to a crypto map definition. The access-list
designates the IP packets to be encrypted by this crypto map. See ip access-list extended <listname> on
page 250 for more information on creating access-lists.
Syntax Description
<listname> Enter the name of the access-list you wish to assign to this crypto map.
Default Values
By default, no IP access-lists are defined.
Command Modes
(config-crypto-map)# Crypto Map Configuration Mode (IKE or Manual)
Functional Notes
Crypto map entries do not directly contain the selectors used to determine which data to secure. Instead,
the crypto map entry refers to an access control list. An access control list (ACL) is assigned to the crypto
map using the match address command. If no ACL is configured for a crypto map, then the entry is
incomplete and will have no effect on the system.
The entries of the ACL used in a crypto map should be created with respect to traffic sent by the product.
The source information must be the local product and the destination must be the peer.
Only extended access-lists can be used in crypto maps.
Usage Examples
The following example shows setting up an ACL (called NewList) and then assigning the new list to a
crypto map (called NewMap):
(config)#ip access-list extended NewList
Configuring New Extended ACL "NewList"
(config-ext-nacl)#exit
(config)#crypto map NewMap 10 ipsec-ike
(config-crypto-map)#match address NewList