Cisco Cisco Packet Data Gateway (PDG) プリント
Crypto Templates
Configuring a Crypto Template ▀
Cisco StarOS IP Security (IPSec) Reference ▄
81
natt [ include-header ] [ send-keepalive [ idle-interval idle_secs ] [
interval interval_secs ]
interval interval_secs ]
ocsp [ nonce ]
payload payload_namee match childsa
ignore-rekeying-requests
ip-address-allocation { dynamic | home-address }
ipsec transform-set list name
lifetime { sec [ kilo-bytes kbytes ] | kilo-bytes kbytes }
maximum-child-sa num
rekey [ keepalive ]
tsi start-address { any { end-address any } | endpoint { end-address
endpoint } }
endpoint } }
peer network ip_address {/mask | mask ip_mask } [ encrypted pre-shared-
key key | pre-shared-key key ]
key key | pre-shared-key key ]
remote-secret-list list_name
whitelist
end
Notes:
You can enable blacklist or whitelist, but not both. For additional information, refer to the Access Control via
Blacklist or Whitelist section of the Access Control chapter of this guide.
For more information on the above commands and keywords, see the Crypto Template Configuration Mode
Commands and Crypto Template IKEv2 Dynamic Payload Configuration Mode Commands chapters of the
Command Line Interface Reference.
Command Line Interface Reference.