Crypto Map IKEv2-IPv6 Payload Configuration Mode Commands


Crypto Map IKEv2-IPv6 Payload Configuration Mode Commands
 
 
The Crypto Map IKEv2-IPv6 Payload Configuration Mode is used to assign the correct IPsec transform-set from a list of up to four different transform-sets, and to assign Mobile IP addresses.
 
Important: The commands or keywords/variables that are available are dependent on platform type, product version, and installed license(s).
 
end
Exits the current mode and returns to the Exec Mode.
Product
All
Privilege
Administrator
Syntax
end
Usage
Change the mode back to the Exec Mode.
 
exit
Exits the current mode and returns to the previous mode.
Product
All
Privilege
Administrator
Syntax
exit
Usage
Returns to the previous mode.
 
ipsec
Configures the IPsec transform set to be used for this crypto template payload.
Product
P-GW
Privilege
Administrator
Syntax
ipsec transform-set list name
no ipsec transform-set list
list name
Specifies the context configured IPsec transform set name to be used in the crypto template payload. This is a space-separated list. From 1 to 4 transform sets can be entered. name must be from 1 to 127 alpha and/or numeric characters.
Usage
Use this command to list the IPsec transform set(s) to use in this crypto template payload.
Example
The following command configures IPsec transform sets named ipset1 and ipset2 to be used in this crypto template payload:
ipsec transform-set list ipset1 ipset2
 
lifetime
Configures the number of seconds for IPsec Child SAs derived from this crypto template payload to exist.
Product
P-GW
Privilege
Administrator
Syntax
lifetime sec [ kilobytes kbytes ]
default lifetime
default
Returns the lifetime value to the default setting of 86400.
sec
Default: 86400
Specifies the number of seconds for IPsec Child Security Associations derived from this crypto template payload to exist. sec must be an integer from 60 to 604800.
kilobytes kbytes
Specifies lifetime in kilo-bytes for IPsec Child Security Associations derived from this Crypto Map. kbytes must be an integer value from 1 to 2147483648.
Usage
Use this command to configure the number of seconds for IPsec Child Security Associations derived from this crypto template payload to exist.
Example
The following command configures the IPsec child SA lifetime to be 120 seconds:
lifetime 120
 
rekey
Configures child security association rekeying.
Product
P-GW
Privilege
Administrator
Syntax
rekey [ keepalive ]
[ default | no ] rekey
default
Returns the feature to the default setting of disabled.
no
Disables this feature.
keepalive
If specified, a session will be rekeyed even if there has been no data exchanged since the last rekeying operation. By default rekeying is only performed if there has been data exchanged since the previous rekey.
Usage
Use this command to enable or disable the ability to rekey IPsec Child SAs after approximately 90% of the Child SA lifetime has expired. The default, and recommended setting, is not to perform rekeying. No rekeying means the PDIF will not originate rekeying operations and will not process CHILD SA rekeying requests from the MS.
Example
The following command disables rekeying:
no rekey
 

Cisco Systems Inc.
Tel: 408-526-4000
Fax: 408-527-0883