Cisco Cisco ASR 5000
Crypto Map IPSec IKEv1 Configuration Mode Commands
match ip pool ▀
Command Line Interface Reference, StarOS Release 18 ▄
2993
match ip pool pool-name
pool_name
Specifies the name of an existing IP poolthat should be matched as an alphanumeric string of 1 through 31
characters.
characters.
destination-network ip_address [ /mask
]
Specifies the IP address of the destination network in IPv4 dotted-decimal or IPV6 colon-separated-
hexadecimal notation.
hexadecimal notation.
/mask
specifies the subnet mask bits (representing the subnet mask). This variable must be entered in IPv4
dotted-decimal or !Pv6 colon-separated-hexadecimal CIDR notation.
An IP pool attached to the crypto map can have multiple IPSec tunnels according to the destination of the
packet being forwarded to internet.
An IP pool attached to the crypto map can have multiple IPSec tunnels according to the destination of the
packet being forwarded to internet.
Important:
Each invocation of this command will add another destination network to the IP pool, with a
maximum of eight destination networks per crypto map.
Usage
Use this command to set the names of IP pools that should be matched in the current crypto map.
Important:
If an IP address pool that is matched to a IKEv1 crypto map is resized, removed, or added, the
corresponding security association must be cleared in order for the change to take effect. Refer to the
clear crypto
command in the Exec mode for information on clearing security associations.
Example
The following command sets a rule for the current crypto map that will match an IP pool named
ippool1
:
match ip pool pool-name ippool1