PROFILES 7 - 29
Usage Guidelines
A manual crypto map is not valid or complete until a peer IP address is configured; a peer IP address is required for manual crypto maps. To change the peer IP address, issue the no set peer command first, then configure the new peer IP address.
isakmp [aggressive-mode-peer|client|keepalive|key|policy]
Configures the Internet Security Association and Key Management Protocol (ISAKMP) policy
  • aggressive-mode-peer [address|dn|hostname] – Defines the aggressive mode attributes
    • address – The IP address is the identity of the remote peer
    • dn – The distinguished name is the identity of the remote peer
    • hostname – The hostname is the identity of the remote peer
  • client configuration group default – Leads to the config-crypto group instance
    • configuration – Defines the configuration set at the client
    • group – Defines the group (currently only one is supported)
    • default – Default group tag
  • keepalive <10-3600> – Sets a keepalive interval for use with remote peers. It defines the number of seconds between DPD messages.
  • key [0|2|<WORD>] address <A.B.C.D> – Sets a pre-shared key for a remote peer
    • 0 <WORD> – Enter a clear text key
    • 2 <WORD> – Enter an encrypted key
    • <WORD> – Sets a key of minimum size 8 characters
    • address <A.B.C.D> – Defines a shared key with an IP address
  • policy <ISAKMP-POLICY> – Sets a policy for an ISAKMP protection suite

map <crypto-map-tag> <1-1000> [ipsec-isakmp|ipsec-manual] {dynamic}
Enters a crypto map
  • name <name> – Names the crypto map entry (cannot exceed 32 characters)
  • <1-1000> – Defines the sequence to insert into the crypto map entry
  • ipsec-isakmp – IPSEC with ISAKMP
  • ipsec-manual – IPSEC with manual keying
  • dynamic – Dynamic map entry (remote VPN configuration) for XAUTH with mode-config or ipsec-l2tp configuration

pki import crl <WORD> URL <1-168>
Configures certificate parameters. The public key infrastructure is a protocol that creates encrypted public keys using digital certificates from certificate authorities.
  • import – Imports a trustpoint related configuration
  • crl – Certificate revocation list
  • <WORD> – Imports a trustpoint including either a private key and server certificate, or a CA certificate, or both
  • URL <1-168> – URL to get the certificate from. Supported URL formats:
      tftp://<IP>/path/file
      ftp://<user>:<passwd>@<IP>/path/file
  • <1-168> – Sets the interval at which the command is replayed (between 1 and 168 hours)
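As an added example, not taken from this manual and not vendor code, here is a small Python checker that applies the rules in the usage guidelines and the isakmp table above to a saved profile fragment: an ipsec-manual crypto map entry must carry a peer IP address, a pre-shared key entered with form 0 is stored in clear text, a clear-text key must be at least 8 characters, and the keepalive interval must lie between 10 and 3600 seconds. The exact line syntax it parses (crypto map ..., set peer ..., isakmp key ..., isakmp keepalive ...) and the sample configuration are assumptions constructed for the example.

```python
"""Audit a WiNG-style profile fragment against the crypto map / ISAKMP rules.

Added example (not vendor code). The line syntax below is an assumption:
  crypto map <tag> <1-1000> ipsec-isakmp|ipsec-manual [dynamic]
  set peer <A.B.C.D>            (indented under a crypto map entry)
  isakmp key 0|2 <WORD> address <A.B.C.D>
  isakmp keepalive <10-3600>
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional

CRYPTO_MAP_RE = re.compile(r"^crypto map (\S+) (\d+) (ipsec-isakmp|ipsec-manual)(?: dynamic)?$")
SET_PEER_RE = re.compile(r"^set peer (\S+)$")
ISAKMP_KEY_RE = re.compile(r"^isakmp key (0|2) (\S+) address (\S+)$")
KEEPALIVE_RE = re.compile(r"^isakmp keepalive (\d+)$")

MIN_KEY_LEN = 8          # "<WORD> – Sets a key of minimum size 8 characters"
KEEPALIVE_RANGE = (10, 3600)


@dataclass
class CryptoMapEntry:
    tag: str
    seq: int
    mode: str
    indent: int
    line_no: int
    peer: Optional[str] = None


def _indent(raw: str) -> int:
    return len(raw) - len(raw.lstrip(" "))


def _valid_ip(text: str) -> bool:
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False


def audit_profile(text: str) -> List[str]:
    """Return human-readable findings, one per violated rule."""
    findings: List[str] = []
    entries: List[CryptoMapEntry] = []
    current: Optional[CryptoMapEntry] = None

    for no, raw in enumerate(text.splitlines(), 1):
        if not raw.strip():
            continue
        indent = _indent(raw)
        line = raw.strip()
        # A line at the same or shallower indent leaves the crypto-map sub-mode.
        if current is not None and indent <= current.indent:
            current = None

        m = CRYPTO_MAP_RE.match(line)
        if m:
            current = CryptoMapEntry(m.group(1), int(m.group(2)), m.group(3), indent, no)
            entries.append(current)
            continue

        m = SET_PEER_RE.match(line)
        if m and current is not None:
            if not _valid_ip(m.group(1)):
                findings.append(f"line {no}: set peer {m.group(1)} is not a valid IP address")
            current.peer = m.group(1)
            continue

        m = ISAKMP_KEY_RE.match(line)
        if m:
            form, word, addr = m.groups()
            if form == "0":
                findings.append(f"line {no}: pre-shared key for {addr} is stored in clear text (form 0); prefer the encrypted form (2)")
                # Only a clear-text key exposes its real length; form 2 is ciphertext.
                if len(word) < MIN_KEY_LEN:
                    findings.append(f"line {no}: pre-shared key for {addr} is shorter than {MIN_KEY_LEN} characters")
            if not _valid_ip(addr):
                findings.append(f"line {no}: isakmp key address {addr} is not a valid IP address")
            continue

        m = KEEPALIVE_RE.match(line)
        if m:
            secs = int(m.group(1))
            lo, hi = KEEPALIVE_RANGE
            if not lo <= secs <= hi:
                findings.append(f"line {no}: isakmp keepalive {secs} is outside {lo}-{hi} seconds")

    # Usage guideline: a manual crypto map without a peer IP address is not valid.
    for e in entries:
        if e.mode == "ipsec-manual" and e.peer is None:
            findings.append(f"line {e.line_no}: crypto map {e.tag} {e.seq} ipsec-manual has no peer IP address and is not valid")
    return findings


# Constructed sample fragment (not a real device configuration).
CONSTRUCTED_PROFILE = """\
profile default-rfs6000
 crypto map MANUAL-MAP 10 ipsec-manual
 crypto map IKE-MAP 20 ipsec-isakmp
  set peer 192.0.2.10
 isakmp key 0 short address 192.0.2.10
 isakmp key 2 2a3b4c5d6e7f8091 address 192.0.2.11
 isakmp keepalive 5
"""

if __name__ == "__main__":
    for finding in audit_profile(CONSTRUCTED_PROFILE):
        print(finding)
```

The checker flags the manual map without a peer, the clear-text and too-short key on line 5, and the out-of-range keepalive, while the encrypted key on line 6 and the ISAKMP map with a peer pass. Indentation is used to decide which crypto map entry a set peer line belongs to, so the sample keeps the device's usual one-space-per-level layout.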