Cisco Packet Data Gateway (PDG)
Crypto Maps
IPSec Reference, StarOS Release 16
Manual Crypto Map Configuration
This section provides instructions for configuring manual crypto maps on the system.
Important: Because manual crypto map configurations require the use of static security keys (associations), they are not as secure as crypto maps that rely on dynamically configured keys. Therefore, it is recommended that they only be configured and used for testing purposes.
Important: This section provides the minimum instruction set for configuring manual crypto maps on the system. For more information on commands that configure additional parameters and options, refer to the Context Configuration Mode Commands and Crypto Map Manual Configuration Mode Commands chapters in the Command Line Interface Reference.
To configure the manual crypto maps for IPSec:
Step 1
Step 2
Step 3
Save your configuration to flash memory, an external memory device, and/or a network location using the Exec mode command save configuration. For additional information on how to verify and save configuration files, refer to the System Administration Guide and the Command Line Interface Reference.
Configuring Manual Crypto Maps
Use the following example to create the manual crypto map on your system:
configure
   context <ctxt_name>
      crypto map <map_name> ipsec-manual
         set peer <agw_address>
         match address <acl_name> [ preference ]
         set transform-set <transform_name>
         set session-key { inbound | outbound } { ah <ah_spi> [ encrypted ] key <ah_key> | esp <esp_spi> [ encrypted ] cipher <encryption_key> [ encrypted ] authenticator <auth_key> }
         end
Notes:
<ctxt_name> is the system context in which you wish to create and configure the manual crypto maps.
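The following is an added example, not part of the Cisco documentation: a Python audit that scans a saved configuration for ipsec-manual crypto maps, which the note above recommends for testing only, and flags session-key material that is not preceded by the encrypted keyword. The sample configuration is constructed, and the reading of encrypted as "the key value is stored in encrypted form" is an assumption.

```python
import re

# Constructed sample config: names, addresses, SPIs and keys are made up.
# The ipsec-ikev1 map is included only as a non-manual contrast.
SAMPLE_CONFIG = """\
configure
  context ipsec-test
    crypto map lab-map ipsec-manual
      set peer 192.0.2.10
      match address lab-acl
      set transform-set lab-ts
      set session-key inbound esp 300 cipher 0123456789abcdef authenticator fedcba9876543210
      set session-key outbound esp 301 encrypted cipher a1b2c3 encrypted authenticator d4e5f6
    crypto map ike-map ipsec-ikev1
      set peer 192.0.2.20
end
"""

MAP_RE = re.compile(r"^crypto map (\S+) (\S+)")
KEY_FIELDS = ("key", "cipher", "authenticator")  # keywords that precede key material

def audit_manual_crypto_maps(config_text):
    """Return (context, map_name, issue) tuples for every manual crypto map."""
    findings, context, current = [], None, None
    for raw in config_text.splitlines():
        tokens = raw.split()
        if not tokens:
            continue
        m = MAP_RE.match(" ".join(tokens))
        if m:  # entering a crypto map; track it only if it is a manual map
            current = m.group(1) if m.group(2) == "ipsec-manual" else None
            if current:
                findings.append((context, current, "manual crypto map (static keys)"))
        elif tokens[0] in ("context", "end", "exit", "#exit"):
            current = None  # left the crypto map block
            if tokens[0] == "context" and len(tokens) > 1:
                context = tokens[1]
        elif current and tokens[:2] == ["set", "session-key"]:
            direction = tokens[2] if len(tokens) > 2 else "?"
            for i, tok in enumerate(tokens[3:], start=3):
                # Assumption: the optional `encrypted` keyword marks an encrypted key value.
                if tok in KEY_FIELDS and tokens[i - 1] != "encrypted":
                    findings.append((context, current, f"{direction} {tok} not marked encrypted"))
    return findings

if __name__ == "__main__":
    for ctx, name, issue in audit_manual_crypto_maps(SAMPLE_CONFIG):
        print(f"context={ctx} map={name}: {issue}")
```

Run it against exported configurations before promoting them out of a lab, so that a manual map left over from testing is caught in review.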