brocade-communications-sy rfs6000 用户手册

Global Configuration commands

5

crypto

Use crypto to define system level local ID for ISAKMP negotiation and to enter the ISAKMP Policy, 
ISAKMP Client or ISAKMP Peer command set. 

NOTE

crypto isakmp(policy)Priority 

moves to the 

config-crypto-isakmp

 instance. For more information, see 

.

moves you to the 

config-crypto-group

 instance. For more details, see 

moves to the 

config-crypto-peer

 instance. For more details, see 

.

 leads you to 

crypto-ipsec. 

Use the crypto ipsec transform-set command to define the transform 

configuration for securing data (for example, esp-3des, esp-sha-hmac, etc.). The transform-set is 
assigned to a crypto map using the map’s set transform-set command. For more details, see 

 mode leads to the 

config-trustpoint

 instance. For more details, see 

Supported in the following platforms:

•

Mobility RFS4000 Controller

•

Mobility RFS6000 Controller

•

Mobility RFS7000 Controller

Syntax

 [ipsec|isakmp|key|map|pki]

 ipsec [security-association|transform-set]

crypto ipsec security-association lifetime 

[kilobyte|seconds] <lifetime>

crypto ipsec transform-set <transform-set-tag> 

[ah-md5-hmac|ah-sha-hmac|esp-3des|esp-aes|esp-aes-192|

esp-aes-256|esp-des|esp-md5-hmac|esp-sha-hmac]

 isakmp [client|keepalive|key|peer|policy]

crypto isakmp client configuration group default

crypto isakmp keepalive <10-3600>

crypto isakmp key [0 <secret>|2 <secret>|<secret>] 

[address <IP>|hostname <HOST>]

crypto isakmp peer [address <IP>|dn <distinguished-name>|

hostname <HOST>]

crypto isakmp policy <1-10000>

 key [export|generate|import|zeroize]

crypto key export rsa <rsa-keypair> <URL> 

{<pass-phrase>}