Cisco Cisco Packet Data Gateway (PDG)
Crypto Map IPSec IKEv1 Configuration Mode Commands
▀ set
▄ Command Line Interface Reference, StarOS Release 16
2888
kilo-bytes
: This specifies the amount of data (n kilobytes) to allow through the tunnel before the SA
lifetime expires.
kbytes
must be an integer from 2560 through 4294967294.
set seconds
: The number of seconds to wait before the SA lifetime expires.
secs
must be an integer
from 1200 through 86400.
Important:
If the dynamic crypto map is being used in conjunction with Mobile IP and the Mobile IP renewal
timer is less than the crypto map’s SA lifetime (either in terms of kilobytes or seconds), then the keepalive parameter
must be configured.
must be configured.
transform-set
transform_name
[ transform-set
transform_name2 ...
transform-set
transform_name6
]
Specifies the name of a transform set configured in the same context that will be associated with the crypto
map. Refer to the command
map. Refer to the command
crypto ipsec transform-set
for information on creating transform sets.
You can repeat this keyword up to 6 times on the command line to specify multiple transform sets.
transform_name
is the name of the transform set entered as an alphanumeric string of 1 through 127
characters that is case sensitive.
no
Deletes the specified parameter or resets the specified parameter to the default value.
Usage
Use this command to set parameters for a dynamic crypto map.
Example
The following command sets the PFS group to Group1:
set pfs group1
The following command sets the SA lifetime to
50000
KB:
set security-association lifetime kilo-bytes 50000
The following command sets the SA lifetime to
10000
seconds:
set security-association lifetime seconds 10000
The following command enables the SA to re-key when the tunnel lifetime expires:
set security-association lifetime keepalive
The following command defines transform sets
tset1
and
tset2
.
set transform-set tset1 transform-set tset2