Cisco Cisco ASR 5000
Global Configuration Mode Commands (A-K)
crypto peer-list ▀
Command Line Interface Reference, StarOS Release 18 ▄
5385
crypto peer-list
Enables an SecGW to initiate an IKEv2 session setup request when the peer does not initiate a setup request within a
specified time interval. Executing this command moves you to the Peer List Configuration mode. This functionality is
only applicable for site-to-site (S2S) based tunnels within a WSG service. For remote access tunnels the peer is always
the initiator. (VPC-VSM only)
specified time interval. Executing this command moves you to the Peer List Configuration mode. This functionality is
only applicable for site-to-site (S2S) based tunnels within a WSG service. For remote access tunnels the peer is always
the initiator. (VPC-VSM only)
Product
SecGW (WSG)
Privilege
Security Administrator, Administrator
Mode
Exec > Global Configuration
configure
Entering the above command sequence results in the following prompt:
[local]host_name(config)#
Syntax
[ no ] crypto peer-list { ipv4 | ipv6 } peer_list_name
no
Disables the specified crypto peer list.
peer_list_name
Specifies the name of the peer list as an alphanumeric string of one through 32 characters.
Usage
Use this command to enable an SecGW to initiate an IKEv2 session setup request when the peer does not
initiate a setup request within a specified time interval. Executing this command moves you to the Peer List
Configuration mode. This functionality is only applicable for site-to-site (S2S) based tunnels within a WSG
service. For remote access tunnels the peer is always the initiator. (VPC-VSM only)
The following restrictions apply when configuring an SecGW as an Initiator:
initiate a setup request within a specified time interval. Executing this command moves you to the Peer List
Configuration mode. This functionality is only applicable for site-to-site (S2S) based tunnels within a WSG
service. For remote access tunnels the peer is always the initiator. (VPC-VSM only)
The following restrictions apply when configuring an SecGW as an Initiator:
The peer-list peer_list_name command is only executed if the deployment mode for WSG service is
site-to-site, and the bind address type matches with the peer list address type (IPv4 or IPv6).
You cannot change the WSG service deployment-mode if peer-list peer_list_name is enabled under the
service. You will be prompted to remove the peer list before changing the mode.
A maximum of 1,000 peer IP addresses can be added to the peer list via the Peer List Configuration
mode address command.
WSG service address binding is not allowed if a peer list is configured and both address types do not
match. An error message is generated if they do not match.
An IPv4 or IPv6 peer list cannot be modified if peer-list peer_list_name is enabled under the WSG
service.