Cisco IOS Software Release 12.4(2)XB6 Technical References

Command Reference for Cisco PDSN Release 4.0 in IOS Release 12.4(15)XR
crypto map local-address
To specify and name an identifying interface to be used by the crypto map for IPSec traffic, use the 
crypto map local-address command in global configuration mode. To remove this command from the 
configuration, use the no form of this command. 
crypto map map-name local-address interface-id 
no crypto map map-name local-address interface-id 
Syntax Description
map-name       Name that identifies the crypto map set. This is the name assigned when the crypto map was created.
interface-id   The identifying interface that should be used by the router to identify itself to remote peers. If Internet Key Exchange is enabled and you are using a certification authority (CA) to obtain certificates, this should be the interface with the address specified in the CA certificates.
Defaults
No default behavior or values.
Command Modes
Global configuration
Command History
Release    Modification
11.3T      This command was introduced.
Usage Guidelines
If you apply the same crypto map to two interfaces and do not use this command, two separate security associations (with different local IP addresses) could be established to the same peer for similar traffic. If you are using the second interface as redundant to the first interface, it could be preferable to have a single security association (with a single local IP address) created for traffic sharing the two interfaces. Having a single security association decreases overhead and makes administration simpler.
This command allows a peer to establish a single security association (and use a single local IP address) that is shared by the two redundant interfaces.
If applying the same crypto map set to more than one interface, the default behavior is as follows:
- Each interface will have its own security association database.
- The IP address of the local interface will be used as the local address for IPSec traffic originating from/destined to that interface.
However, if you use a local-address for that crypto map set, it has multiple effects:
- Only one IPSec security association database will be established and shared for traffic through both interfaces.
- The IP address of the specified interface will be used as the local address for IPSec (and IKE) traffic originating from or destined to that interface.
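The redundant-interface case from the usage guidelines, as an added configuration example that is not taken from the Cisco command reference. The map name, transform-set name, ACL number, interface names and all addresses are constructed placeholders, and an IKE policy and key (or certificates) for the peer are assumed to be configured already.

```cisco
! Constructed example: all names, numbers and addresses are placeholders.
!
! Interface whose address identifies this router to the peer.
! A loopback stays up when either physical link fails.
interface Loopback0
 ip address 198.51.100.1 255.255.255.255
!
crypto ipsec transform-set TS-EXAMPLE esp-aes esp-sha-hmac
!
! Traffic to protect (local 10.1.0.0/16 to remote 10.2.0.0/16).
access-list 110 permit ip 10.1.0.0 0.0.255.255 10.2.0.0 0.0.255.255
!
! Without the next line, each interface below would build its own
! security association to 192.0.2.1, each with a different local address.
crypto map EXAMPLE-MAP local-address Loopback0
!
crypto map EXAMPLE-MAP 10 ipsec-isakmp
 set peer 192.0.2.1
 set transform-set TS-EXAMPLE
 match address 110
!
! The same crypto map set applied to both redundant interfaces.
interface Serial0/0
 ip address 203.0.113.1 255.255.255.252
 crypto map EXAMPLE-MAP
!
interface Serial0/1
 ip address 203.0.113.5 255.255.255.252
 crypto map EXAMPLE-MAP
!
! Check: "show crypto ipsec sa" should report 198.51.100.1 as the
! local crypto endpoint for traffic through either serial interface.
```

The remote peer must name the loopback address (198.51.100.1 here) as its peer and must have a route to it through both links; if certificates are used, that address is the one the CA certificate should carry, as the interface-id description states.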