- Planet WAN Router User's Manual

crypto ipsec security-association lifetime [kilobytes | seconds] - modify the time value used when negotiating IPsec security.
crypto map map-name map-number [ipsec-isakmp | ipsec-manual] - create a crypto map entry. ipsec-isakmp uses IKE to establish the IPsec security that protects the traffic. ipsec-manual does not use IKE to establish the IPsec security.
crypto map map-name map-number ipsec-manual
  - match address - specify the extended access list for the crypto map
  - transform-set - specify the transform sets that are used with the crypto map entry
  - set peer [hostname | ip address] - specify the IPsec peer in a crypto map
  - set session key [inbound | outbound] [ah | esp] spi [cipher] hex-key-data [authenticator] hex-key-data
      - inbound - set the inbound session key
      - outbound - set the outbound session key
      - ah - set the AH protocol for the IPsec session key
      - cipher - indicates that the key is to be used with the ESP encryption
      - authenticator (optional) - indicates that the key is to be used with the ESP encryption
crypto map map-name map-number ipsec-isakmp
  - match address - specify the extended access list for the crypto map
  - set peer [hostname | ip address] - specify the IPsec peer in a crypto map
  - set transform-set - specify the transform sets that are used with the crypto map entry
  - set pfs [group 1 | group 2] - specify the PFS setting. Group 1 is 769-bit and group 2 is 1024-bit
  - set security-association [level | lifetime]
      - level per-host - specify that IPsec security associations should be requested for each source/destination host pair
      - lifetime [seconds | kilobytes] - override the global lifetime value that is used when negotiating IPsec security
crypto map dynamic-map dynamic-map-name dynamic-seq-no - create a dynamic-map entry.
crypto isakmp enable - enable Internet Key Exchange (IKE) on your router.
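An added example, not part of the manual: a small Python check that reads crypto map entries written in the command forms above and reports entries that use ipsec-manual, have no set pfs line, or use PFS group 1. The sample configuration, the map names and the indented sub-command layout are constructed assumptions; the addresses are documentation addresses.

```python
import re

# Constructed sample (not from the manual); indented sub-command layout is assumed.
SAMPLE = """\
crypto map branch 10 ipsec-manual
 match address 101
 set peer 192.0.2.1
crypto map hq 20 ipsec-isakmp
 set peer 192.0.2.2
 set pfs group 1
crypto map dc 30 ipsec-isakmp
 set peer 192.0.2.3
 set transform-set ts1
 set pfs group 2
crypto map lab 40 ipsec-isakmp
 set peer 192.0.2.4
"""
HEADER = re.compile(r"^crypto map (\S+) (\d+) (ipsec-isakmp|ipsec-manual)$")

def parse_crypto_maps(text):
    """Return one dict per crypto map entry: name, seq, mode, sub-commands."""
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            current = {"name": m[1], "seq": int(m[2]), "mode": m[3], "cmds": []}
            entries.append(current)
        elif line and raw[0].isspace() and current is not None:
            current["cmds"].append(line.lower())
        elif line:
            current = None  # any other top-level command ends the entry
    return entries

def audit(text):
    """Return (name, seq, finding) for each entry that needs review."""
    findings = []
    for e in parse_crypto_maps(text):
        key = (e["name"], e["seq"])
        pfs = [c for c in e["cmds"] if c.startswith("set pfs")]
        if e["mode"] == "ipsec-manual":
            findings.append(key + ("manual session keys, no IKE negotiation",))
        elif not pfs:
            findings.append(key + ("no PFS configured",))
        elif re.fullmatch(r"set pfs group ?1", pfs[-1]):
            findings.append(key + ("PFS group 1, the smaller of the two groups",))
    return findings

if __name__ == "__main__":
    for name, seq, finding in audit(SAMPLE):
        print(f"crypto map {name} {seq}: {finding}")
```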