Cisco Cisco Packet Data Interworking Function (PDIF)
Crypto Map IPSec IKEv1 Configuration Mode Commands
▀ set
▄ Command Line Interface Reference, StarOS Release 16
2886
set
Configures parameters for the dynamic crypto map.
Product
ePDG
FA
GGSN
HA
HeNBGW
HNBGW
HSGW
MME
P-GW
PDSN
S-GW
SAEGW
SCM
SecGW
SGSN
Privilege
Security Administrator
Mode
Exec > Global Configuration > Context Configuration > Crypto Map IPSec IKEv1 Configuration
configure > context context_name > crypto map policy_name ipsec-ikev1
Entering the above command sequence results in the following prompt:
[context_name]host_name(config-crypto-map)#
Syntax
set { control-dont-fragment { clear-bit | copy-bit | set-bit } | ikev1 natt [
keepalive
keepalive
time
] | pfs { group1 | group2 | group5 } |
phase1-idtype { id-key-id |
ipv4-address [ mode { aggressive | main } ] | phase2-idtype { ipv4-address |
ipv4-address-subnet } | security-association lifetime { disable-phase2-rekey |
keepalive | kilo-bytes
ipv4-address-subnet } | security-association lifetime { disable-phase2-rekey |
keepalive | kilo-bytes
kbytes
| seconds
secs
}
transform-set
transform_name
[
transform-set
transform_name2 ...
transform-set
transform_name6
]
no set { ikev1 natt | pfs | phase1-idtype |
phase2-idtype | security-association
lifetime { disable-phase2-rekey | keepalive | kilo-bytes | seconds } | transform-
set transform_name
set transform_name
[ transform-set
transform_name2 ...
transform-set
transform_name6
]
set control-dont-fragment { clear-bit | copy-bit | set-bit }
Controls the don’t fragment (DF) bit in the outer IP header of the IPsec tunnel data packet. Options are: