Important: The commands or keywords/variables that are available are dependent on platform type, product version, and installed license(s).
encrypted key value: Specifies that the pre-shared key used for authentication is encrypted. value must be between 1 and 255 alpha and/or numeric characters.key value: Specifies that the pre-shared key used for authentication is clear text. value must be between 1 and 255 alpha and/or numeric characters.The following command sets the authentication method to an open key value of 6d7970617373776f7264:authentication pre-shared-key key 6d7970617373776f7264clear-bit: Clears the DF bit from the outer IP header (sets it to 0).copy-bit: Copies the DF bit from the inner IP header to the outer IP header. This is the default action.set-bit: Sets the DF bit in the outer IP header (sets it to 1).max-retransmissions numberSpecifies the maximum number of retransmissions of an IKEv2 IKE exchange request if a response has not been received. number must be an integer from 1 to 8.setup-timer secSpecifies the number of seconds before a IKEv2 IKE Security Association, that is not fully established, is terminated. sec must be an integer from 1 to 3600.Matches or associates the crypto map to an access control list (ACL) configured in the same context.acl_name can be from 1 to 79 alpha and/or numeric characters and is case sensitive.Important: The priorities are only compared for ACLs matched to other crypto maps or to policy ACLs (those applied to the entire context).
The following command sets the crypto map ACL to the ACL named acl-list1 and sets the crypto maps priority to the highest level.match address acl-list1 0no payload nameSpecifies the name of a new or existing crypto template payload. name must be from 1 to 127 alpha and/or numeric characters.Two payloads are required: one each for MIP and IKEv2. The first payload is used for establishing the initial Child SA Tunnel Inner Address (TIA) which will be torn down. The second payload is used for establishing the remaining Child SAs. Note that if there is no second payload defined with home-address as the ip-address-allocation then no MIP call can be established, just a Simple IP call.The following command configures a crypto template payload called payload5 and enters the Crypto Template IKEv2-IPv6 Payload Configuration Mode:payload payload5 match ipv6peer ip_addressSpecifies the IP address of a peer IPsec server. ip_address must be specified in IPv4 dotted decimal notation or IPv6 colon separated notation.The following command configures the system to recognize an IPsec peer server with an IPv6 address of fe80::200:f8ff:fe21:67cf:peer fe80::200:f8ff:fe21:67cf
![]() |
Cisco Systems Inc. |
Tel: 408-526-4000 |
Fax: 408-527-0883 |