Cisco Cisco Packet Data Interworking Function (PDIF)
Crypto Maps
ISAKMP Crypto Map Configuration ▀
IPSec Reference, StarOS Release 17 ▄
69
acl_name is name of the pre-configured Access Control List (ACL). It is used for configurations not
implementing the IPSec Tunnel Failover feature and match the crypto map to a previously defined crypto ACL.
This is an optional parameter.
This is an optional parameter.
group_name is name of the Crypto group configured in the same context. It is used for configurations employing
the IPSec Tunnel Failover feature. This is an optional parameter. For more information, refer to the Redundant
IPSec Tunnel Fail-Over chapter of this guide.
IPSec Tunnel Fail-Over chapter of this guide.
For more information on parameters, refer to the Crypto Map ISAKMP Configuration Mode Commands chapter
in the Command Line Interface Reference.
Verifying the ISAKMP Crypto Map Configuration
Enter the following Exec mode command for the appropriate context to display and verify your ISAKMP crypto map:
show crypto map [ tag map_name | type ipsec-isakmp ]
This command produces an output similar to that displayed below that displays the configuration of a crypto map named
test_map2.
test_map2.
Map Name : test_map2
========================================
Payload :
crypto_acl2: permit tcp host 10.10.2.12 neq 35 any
Crypto map Type : ISAKMP
IKE Mode : MAIN
IKE pre-shared key : 3fd32rf09svc
Perfect Forward Secrecy : Group2
Hard Lifetime :
28800 seconds
4608000 kilobytes
Number of Transforms: 1
Transform : test1
AH : none
ESP: md5 3des-cbc
Encaps mode: TUNNEL
Local Gateway: Not Set
Remote Gateway: 192.168.1.1
========================================
Payload :
crypto_acl2: permit tcp host 10.10.2.12 neq 35 any
Crypto map Type : ISAKMP
IKE Mode : MAIN
IKE pre-shared key : 3fd32rf09svc
Perfect Forward Secrecy : Group2
Hard Lifetime :
28800 seconds
4608000 kilobytes
Number of Transforms: 1
Transform : test1
AH : none
ESP: md5 3des-cbc
Encaps mode: TUNNEL
Local Gateway: Not Set
Remote Gateway: 192.168.1.1
Caution:
Modification(s) to an existing ISAKMP crypto map configuration will not take effect until the related
security association has been cleared. Refer to the clear crypto security-association command located in the Exec
Mode Commands chapter of the Command Line Interface Reference for more information.
Mode Commands chapter of the Command Line Interface Reference for more information.