Important: The commands or keywords/variables that are available are dependent on platform type, product version, and installed license(s).
encrypted key value: Specifies that the pre-shared key used for authentication is encrypted and expressed as an alphanumeric string of 1 through 255 characters.key value: Specifies that the pre-shared key used for authentication is clear text and expressed as an alphanumeric string of 1 through 255 characters.The following command sets the authentication method to an open key value of 6d7970617373776f7264:clear-bit: Clears the DF bit from the outer IP header (sets it to 0).copy-bit: Copies the DF bit from the inner IP header to the outer IP header. This is the default action.set-bit: Sets the DF bit in the outer IP header (sets it to 1).Specifies the maximum number of retransmissions of an IKEv2 IKE exchange request if a response has not been received. number must be an integer from 1 to 8. Default: 5Specifies the number of seconds before an IKEv2 IKE Security Association that is not fully established is terminated. sec must be an integer from 1 to 3600. Default: 60Matches or associates the crypto map to an access control list (ACL) configured in the same context.match address acl_nameSpecifies The name of the ACL with which the crypto map is to be matched. acl_name is an alphanumeric string of 1 through 79 characters that is case sensitive.Important: The priorities are only compared for ACLs matched to other crypto maps or to policy ACLs (those applied to the entire context).
The following command sets the crypto map ACL to the ACL named acl-list1 and sets the crypto maps priority to the highest level.no payload namepayload nameTwo payloads are required: one each for MIP and IKEv2. The first payload is used for establishing the initial Child SA Tunnel Inner Address (TIA) which will be torn down. The second payload is used for establishing the remaining Child SAs. Note that if there is no second payload defined with home-address as the ip-address-allocation then no MIP call can be established, just a Simple IP call.The following command configures a crypto template payload called payload5 and enters the Crypto Template IKEv2-IPv6 Payload Configuration Mode:peer ip_addresspeer ip_addressThe following command configures the system to recognize an IPsec peer server with an IPv6 address of fe80::200:f8ff:fe21:67cf:
|
| Cisco Systems Inc. |
| Tel: 408-526-4000 |
| Fax: 408-527-0883 |