Crypto Map IKEv2-IPv6 Payload Configuration Mode Commands

The Crypto Map IKEv2-IPv6 Payload Configuration Mode is used to assign the correct IPSec transform-set from a list of up to four different transform-sets, and to assign Mobile IP addresses.

IMPORTANT:

The commands or keywords/variables that are available are dependent on platform type, product version, and installed license(s).

end

Exits the current configuration mode and returns to the Exec mode.

Product:

All


Privilege:

Security Administrator, Administrator


Syntax
end

Usage:

Use this command to return to the Exec mode.

exit

Exits the current mode and returns to the parent configuration mode.

Product:

All


Privilege:

Security Administrator, Administrator


Syntax
exit

Usage:

Use this command to return to the parent configuration mode.

ipsec

Configures the IPSec transform set to be used for this crypto template payload.

Platform:

ASR 5000

Product:

P-GW


Privilege:

Administrator


Syntax
ipsec transform-set
list nameno ipsec transform-set list
ipsec transform-set list name

Specifies the context configured IPSec transform set name to be used in the crypto template payload. This is a space-separated list. From 1 to 4 transform sets can be entered. name is an alphanumeric string of 1 through 127 characters.


Usage:

Use this command to list the IPSec transform set(s) to use in this crypto template payload.


Example:
The following command configures IPSec transform sets named ipset1 and ipset2 to be used in this crypto template payload:
ipsec transform-set
list ipset1 ipset2 
lifetime

Configures the number of seconds and/or kilobytes for IPSec Child SAs derived from this crypto template payload to exist.

Platform:

ASR 5000

Product:

P-GW


Privilege:

Administrator


Syntax
lifetime { sec [ kilo-bytes kbytes ] | kilobytes kbytes }default lifetime
default

Returns the lifetime value to the default setting of 86400 seconds.

sec

Specifies the number of seconds for IPSec Child Security Associations derived from this crypto template payload to exist. sec must be an integer from 60 through 604800. Default: 86400

kilo-bytes kbytes

Specifies lifetime in kilobytes for IPSec Child Security Associations derived from this Crypto Map. kbytes must be an integer from 1 through 2147483648.


Usage:

Use this command to configure the number of seconds and/or kilobytes for IPSec Child Security Associations derived from this crypto template payload to exist.


Example:
The following command configures the IPSec child SA lifetime to be 120 seconds:
lifetime 120 
rekey

Configures child security association rekeying.

Platform:

ASR 5000

Product:

P-GW


Privilege:

Administrator


Syntax
rekey [ keepalive ][ default | no ] rekey
default

Returns the feature to the default setting of disabled.

no

Disables this feature.

keepalive

If specified, a session will be rekeyed even if there has been no data exchanged since the last rekeying operation. By default rekeying is only performed if there has been data exchanged since the previous rekey.


Usage:

Use this command to enable or disable the ability to rekey IPSec Child SAs after approximately 90% of the Child SA lifetime has expired. The default, and recommended setting, is not to perform rekeying. No rekeying means the P-GW will not originate rekeying operations and will not process CHILD SA rekeying requests from the MS.


Example:
The following command disables rekeying:
no rekey