Cisco Packet Data Interworking Function (PDIF)
Crypto Maps
Manual Crypto Map Configuration
IPSec Reference, StarOS Release 17
Notes:
ctxt_name is the system context in which you wish to create and configure the manual crypto maps.
map_name is the name by which the manual crypto map will be recognized by the system.
acl_name is the name of the pre-configured ACL. It is used for configurations that do not implement the IPSec Tunnel Failover feature, and it matches the crypto map to a previously defined crypto ACL. This is an optional parameter.
The length of the configured key must match the configured algorithm.
group_name is the name of the crypto group configured in the same context. It is used for configurations using the IPSec Tunnel Failover feature. This is an optional parameter.
For more information on parameters, refer to the Crypto Map Manual Configuration Mode Commands chapter in the Command Line Interface Reference.
Verifying the Manual Crypto Map Configuration
Enter the following Exec mode command for the appropriate context to display and verify your manual crypto map
configuration:
show crypto map [ tag map_name | map-type ipsec-manual ]
This command produces output similar to the following, which shows the configuration of a crypto map named test_map.
Map Name : test_map
========================================
Payload :
crypto_acl1: permit tcp host 1.2.3.4 gt 30 any
Crypto map Type : manual(static)
Transform : test1
Encaps mode: TUNNEL
Transmit Flow
Protocol : ESP
SPI : 0x102 (258)
Hmac : md5, key: 23d32d23cs89
Cipher : 3des-cbc, key: 1234asd3c3d
Receive Flow
Protocol : ESP
SPI : 0x101 (257)
Hmac : md5, key: 008j90u3rjp
Cipher : 3des-cbc, key: sdfsdfasdf342d32
Local Gateway: Not Set
Remote Gateway: 192.168.1.40
Caution:
Modification(s) to an existing manual crypto map configuration will not take effect until the related
security association has been cleared. Refer to the clear crypto security-association command located in the Exec
Mode Commands chapter of the Command Line Interface Reference for more information.
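The following Python example is added here and is not part of the Cisco reference. It parses the Transmit Flow and Receive Flow sections of show crypto map output, checks each key against the note that the key length must match the configured algorithm, and masks keys before the output is shared. The hex key encoding, the byte sizes (RFC 2403, RFC 2451), the function names and the sample text are assumptions.

```python
import re

# Assumptions: keys are hex strings; sizes in bytes follow RFC 2403 (HMAC-MD5)
# and RFC 2451 (3DES-CBC). Only algorithm names shown on this page are listed.
KEY_BYTES = {"md5": 16, "3des-cbc": 24}
ALGO = re.compile(r"(Hmac|Cipher)\s*:\s*([\w-]+),\s*key:\s*(\S+)", re.I)
# Constructed sample, not real keys; the receive SPI and Hmac share one line.
SAMPLE = """\
Transmit Flow
SPI : 0x102 (258)
Hmac : md5, key: 00112233445566778899aabbccddeeff
Cipher : 3des-cbc, key: 0123456789abcdef0123456789abcdef
Receive Flow
SPI : 0x101 (257) Hmac : md5, key: 00112233445566778899aabbccddeeff
Cipher : 3des-cbc, key: 0123456789abcdef0123456789abcdef0123456789abcdef
"""

def parse_flows(text):
    """Return {"transmit": {...}, "receive": {...}} with spi, hmac and cipher."""
    flows, current = {}, None
    for line in text.splitlines():
        head = re.search(r"(Transmit|Receive) Flow", line)
        if head:
            current = flows.setdefault(head.group(1).lower(), {})
        if current is None:
            continue
        spi = re.search(r"SPI\s*:\s*(0x[0-9a-fA-F]+)", line)
        if spi:
            current["spi"] = int(spi.group(1), 16)
        for kind, name, key in ALGO.findall(line):
            current[kind.lower()] = (name.lower(), key)
    return flows

def check_keys(flows):
    """Report keys that are not hex or whose length does not fit the algorithm."""
    findings = []
    for direction, flow in sorted(flows.items()):
        for kind in (k for k in ("hmac", "cipher") if k in flow):
            name, key = flow[kind]
            want = KEY_BYTES.get(name)
            if not re.fullmatch(r"(?:[0-9a-fA-F]{2})+", key):
                findings.append(f"{direction} {kind}: key is not a hex string")
            elif want and len(key) // 2 != want:
                findings.append(f"{direction} {kind}: {name} needs {want} bytes, got {len(key) // 2}")
    return findings

def redact(text):
    """Mask key material before the output goes into a ticket or log."""
    return re.sub(r"(key:\s*)\S+", r"\1<redacted>", text)
```

check_keys(parse_flows(SAMPLE)) reports the 16-byte transmit cipher key, and redact(SAMPLE) yields text that is safe to attach to a change record.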