User manual

Motorola RF Switch CLI Reference Guide
10-14
Usage Guidelines
RFSwitch(config-crypto-map)#set peer name
If no peer IP address is configured, the manual crypto map is not valid and not complete.
A peer IP address is required for manual crypto maps. To change the peer IP address, the
no set peer command must be issued first; then the new peer IP address can be configured.
security-association [level perhost|lifetime {kilobyte|seconds}]
    Defines the lifetime (in kilobytes and/or seconds) of the IPSec SAs created by this crypto map
    level perhost – Specifies the security association granularity level for identities
    lifetime [kilobyte|seconds] – Security association lifetime

session-key [inbound|outbound] {ah|esp} <256-4294967295> cipher
    Use the set session-key command to define the encryption and authentication keys for this crypto map
    inbound [ah|esp] – Defines encryption keys for inbound traffic
    outbound [ah|esp] – Defines encryption keys for outbound traffic
    Note: For information on how to create a key for authentication and encryption, refer to the Usage Guidelines in Global Configuration Commands under crypto on page 5-22.
    ah <256-4294967295> – Authentication header protocol
        <256-4294967295> – Security Parameter Index (SPI) for the security association
    esp <256-4294967295> – Encapsulating security payload protocol
        <256-4294967295> cipher – Defines the security parameter index
        cipher – Specify encryption/decryption key
    Note: authenticator <hex key data> – Specify an authentication key

transformset <name>
    Use the set transform-set command to assign a transform-set to a crypto map
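
Added example (not from the Motorola guide): a small Python check that applies the two rules stated on this page, the peer requirement for manual crypto maps and the 256-4294967295 SPI range for set session-key, to the set lines of one crypto map. The function name, the finding text and the sample lines are constructed for illustration.

```python
import re

SPI_MIN, SPI_MAX = 256, 4294967295  # SPI range from the parameter table

# Line shapes follow the syntax on this page; anything after the SPI
# (cipher/authenticator key data) is deliberately not parsed.
PEER = re.compile(r"^set\s+peer\s+(\S+)$")
NO_PEER = re.compile(r"^no\s+set\s+peer\b")
KEY = re.compile(r"^set\s+session-key\s+(\S+)\s+(\S+)\s+(\S+)")


def audit_manual_map(lines):
    """Return findings for the 'set' lines of one manual crypto map."""
    findings, peer = [], None
    for n, raw in enumerate(lines, 1):
        line = raw.strip()
        if NO_PEER.match(line):
            peer = None
        elif m := PEER.match(line):
            # The page requires 'no set peer' before a new peer is configured.
            if peer is not None and m.group(1) != peer:
                findings.append(f"line {n}: peer changed without 'no set peer'")
            else:
                peer = m.group(1)
        elif m := KEY.match(line):
            direction, proto, spi = m.groups()
            if direction not in ("inbound", "outbound"):
                findings.append(f"line {n}: unknown direction {direction!r}")
            if proto not in ("ah", "esp"):
                findings.append(f"line {n}: unknown protocol {proto!r}")
            if not (spi.isascii() and spi.isdigit()
                    and SPI_MIN <= int(spi) <= SPI_MAX):
                findings.append(f"line {n}: SPI {spi} outside {SPI_MIN}-{SPI_MAX}")
    if peer is None:
        findings.append("no peer configured: manual crypto map is not valid")
    return findings


# Constructed sample lines, not taken from a real device (key data omitted).
SAMPLE = [
    "set peer 192.0.2.10",
    "set session-key inbound esp 300 cipher",
    "set session-key outbound esp 100 cipher",  # SPI below 256
    "set peer 192.0.2.20",                      # changed without 'no set peer'
]

if __name__ == "__main__":
    for finding in audit_manual_map(SAMPLE):
        print(finding)
```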