Cisco Cisco Packet Data Gateway (PDG) Guida Alla Risoluzione Dei Problemi
Crypto Map IKEv1 Configuration Mode Commands
set ▀
Cisco ASR 5000 Series Command Line Interface Reference ▄
OL-22948-01
set
Configures parameters for the dynamic crypto map.
Product
PDSN, HA, GGSN, SCM
Privilege
Security Administrator, Administrator
Syntax
phase1-idtype { id-
key-id | ipv4-address [ mode { aggressive | main } ] |
transform-set
phase1-idtype |
transform-set
Controls the don‘t fragment (DF) bit in the outer IP header of the IPsec tunnel data packet. Options are:
: Clears the DF bit from the outer IP header (sets it to 0).
: Copies the DF bit from the inner IP header to the outer IP header. This is the default
action.
: Sets the DF bit in the outer IP header (sets it to 1).
Specifies IKE parameters.
: Enables IPSec NAT Traversal.
: The time to keep the NAT connection alive in seconds.
must be an integer of
from 1 through 3600 seconds.
Specifies the modp Oakley group (also known as the Diffie-Hellman (D-H ) group) that is used to determine
the length of the base prime numbers that are used for Perfect Forward Secrecy (PFS).
the length of the base prime numbers that are used for Perfect Forward Secrecy (PFS).
: Diffie-Hellman Group1 (768-bit modp)
:- Diffie-Hellman Group2 (1024-bit modp)
:- Diffie-Hellman Group5 (1536-bit modp)
Sets the IKE negotiations Phase 1 payload identifier. Default: id-key-id
id-key-id: ID KEY ID
ipv4-address: ID IPV4 Address
id-key-id: ID KEY ID
ipv4-address: ID IPV4 Address
mode: Configures IKE mode