Crypto Map Peers – Motorola Series Switch WS5100 User Manual

Switch Security 6-55

b. Assign the Crypto Map a Name to differentiate it from others with similar configurations.

c. Use the None, Domain Name or Host Name radio buttons to select and enter the fully qualified domain or host name of the host exchanging identity information.

d. Define an SA Lifetime (secs) to set an interval (in seconds) that, when expired, forces a new association negotiation.

e. Define an SA Lifetime (Kb) to time out the security association after the specified amount of traffic (in kilobytes) has passed through the IPSec tunnel using the security association.

f. Use the ACL ID drop-down menu to permit a Crypto Map data flow using the permissions within the selected ACL.

g. Use the PFS drop-down menu to specify a group to require perfect forward secrecy (PFS) in requests received from the peer.

h. Use the Remote Type drop-down menu to specify a remote type of either XAuth or L2TP.

i. Use the Mode drop-down menu to specify a mode of Main or Aggressive. Aggressive mode enables you to configure pre-shared keys as Radius tunnel attributes for IP Security (IPSec) peers.

j. Optionally select the SA Per Host checkbox to specify that separate IPSec SAs should be requested for each source/destination host pair.

k. Optionally select the Mode Config checkbox to allow the new Crypto Map to be implemented using the aggressive mode if selected from the Mode drop-down menu.

l. Refer to the Peers (add choices) field and use the Add and Delete buttons as necessary to add existing peers to the Crypto Map or remove them from it. For information on adding or modifying peers, see Crypto Map Peers on page 6-55.

m. Refer to the Transform Sets (select one) field to select and assign a transform set for use with the Crypto Map. Again, a transform set represents a combination of security protocols and algorithms. During the IPSec security association negotiation, peers agree to use a particular transform set for protecting data flow.

7. Click OK to save the new Crypto Map and display it within the Crypto Map tab.
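The following is an added example, not part of the manual or the switch software. It models how the two limits from steps d and e, SA Lifetime (secs) and SA Lifetime (Kb), interact: whichever is reached first ends the security association. The names SaLifetime and rekey_events, the sample values and the traffic trace are all constructed for illustration, and replacement of the SA is assumed to be instantaneous.

```python
from dataclasses import dataclass


@dataclass
class SaLifetime:
    seconds: int    # value entered as "SA Lifetime (secs)"
    kilobytes: int  # value entered as "SA Lifetime (Kb)"


def rekey_events(lifetime, kb_per_second):
    """Walk a per-second traffic trace; return [(second, reason, kb_used), ...].

    Assumption: the first limit reached ends the SA and a fresh SA (age 0,
    0 KB used) replaces it at once. Negotiation time and any early
    renegotiation a real device may perform are ignored.
    """
    events = []
    age = used_kb = 0
    for second, kb in enumerate(kb_per_second, start=1):
        age += 1
        used_kb += kb
        if used_kb >= lifetime.kilobytes:
            reason = "kilobytes"   # traffic volume limit hit first
        elif age >= lifetime.seconds:
            reason = "seconds"     # time limit hit first
        else:
            continue
        events.append((second, reason, used_kb))
        age = used_kb = 0          # new SA starts counting from zero
    return events


# Constructed trace: 5 s of light traffic, a 4 s burst, then 12 s near idle.
SAMPLE_TRACE = [2] * 5 + [50] * 4 + [1] * 12
# Constructed limits, kept small so the trace crosses both of them.
SAMPLE_LIFETIME = SaLifetime(seconds=10, kilobytes=100)

if __name__ == "__main__":
    for second, reason, used in rekey_events(SAMPLE_LIFETIME, SAMPLE_TRACE):
        print(f"t={second:>2}s  SA ended by {reason} limit after {used} KB")
```

During the burst the kilobyte limit ends each SA well before the time limit; once traffic drops, only the seconds limit bounds how long one key stays in use.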

6.8.4.2 Crypto Map Peers

To review, revise or add Crypto Map peers:

1. Select Security > IPSec VPN from the main menu tree.