Cisco Cisco ASR 5000
Crypto Map IPSec Manual Configuration Mode Commands
set session-key ▀
Command Line Interface Reference, StarOS Release 18 ▄
3011
ah
ah_spi
Configures the Security Parameter Index (SPI) for the Authentication Header (AH) protocol. The SPI is used
to identify the AH security association (SA) between the system and the security gateway.
to identify the AH security association (SA) between the system and the security gateway.
ah_spi
is an
integer from 256 through 4294967295.
encrypted
Indicates the key provided is encrypted.
The
The
encrypted
keyword is intended only for use by the system while saving configuration scripts. The
system displays the
encrypted
keyword in the configuration file as a flag that the variable following the
key
,
cipher
, and/or
authenticator
keyword is the encrypted version of the plain text key. Only the
encrypted key is saved as part of the configuration file.
key
ah_key
Configures the key used by the system to de/encapsulate IP packets using Authentication Header (AH)
protocol.
protocol.
ah_key
must be entered as either an alphanumeric string or a hexadecimal number beginning with
“0x”.
The length of the configured key must match the configured algorithm.
The length of the configured key must match the configured algorithm.
esp
esp_spi
Configures SPI for the Encapsulating Security Payload (ESP) protocol. The SPI is used to identify the ESP
security association (SA) between the system and the security gateway.
security association (SA) between the system and the security gateway.
esp_spi
is an integer from 256
through 4294967295.
The length of the configured key must match the configured algorithm.
The length of the configured key must match the configured algorithm.
cipher
encryption_key
Specifies the key used by the system to de/encrypt the payloads of IP packets using the ESP protocol.
encryption_key
must be entered as either an alphanumeric string or a hexadecimal number beginning with
“0x”.
The length of the configured key must match the configured algorithm.
The length of the configured key must match the configured algorithm.
authenticator
auth_key
Specifies the key used by the system to authenticate the IP packets once encryption has been performed.
auth_key
must be entered as either an alphanumeric string or a hexadecimal number beginning with “0x”.
The length of the configured key must match the configured algorithm.
Usage
Manual crypto maps rely on the use of statically configured keys to establish IPSec tunnels. This command
allows the configuration of the static keys.
Identical keys must be configured on both the system and the security gateway in order for the tunnel to be
established.
The length of the configured key must match the configured algorithm.
This command can be entered up to two time for the same crypto map: once to configure inbound key
properties, and once to configure outbound key properties.
allows the configuration of the static keys.
Identical keys must be configured on both the system and the security gateway in order for the tunnel to be
established.
The length of the configured key must match the configured algorithm.
This command can be entered up to two time for the same crypto map: once to configure inbound key
properties, and once to configure outbound key properties.
Example
The following command configures a manual crypto map with the following session key properties:
Keys are for tunnels initiated by the system to the security gateway.
ESP will be used with an SPI of
310
.