2 crypto map peers, Crypto map peers – Motorola Series Switch WS5100 User Manual
Switch Security
b. Assign the Crypto Map a Name to differentiate it from others with similar configurations.
c. Use the None, Domain Name or Host Name radio buttons to select and enter the fully qualified domain or host name of the host exchanging identity information.
d. Define an SA Lifetime (secs) to set an interval (in seconds) that, when expired, forces a new association negotiation.
e. Define an SA Lifetime (Kb) to time out the security association after the specified amount of traffic (in kilobytes) has passed through the IPSec tunnel using the security association.
f. Use the ACL ID drop-down menu to permit a Crypto Map data flow using the permissions within the selected ACL.
g. Use the PFS drop-down menu to specify a group to require perfect forward secrecy (PFS) in requests received from the peer.
h. Use the Remote Type drop-down menu to specify a remote type of either XAuth or L2TP.
i. Use the Mode drop-down menu to specify a mode of Main or Aggressive. Aggressive mode enables you to configure pre-shared keys as Radius tunnel attributes for IP Security (IPSec) peers.
j. Optionally select the SA Per Host checkbox to specify that separate IPSec SAs should be requested for each source/destination host pair.
k. Optionally select the Mode Config checkbox to allow the new Crypto Map to be implemented using the aggressive mode if selected from the Mode drop-down menu.
l. Refer to the Peers (add choices) field to select and use the Add and Delete buttons as necessary to add or remove existing peers to the Crypto Map. For information on adding or modifying peers, see
m. Refer to the Transform Sets (select one) field to select and assign a transform set for use with the Crypto Map. Again, a transform set represents a combination of security protocols and algorithms. During the IPSec security association negotiation, peers agree to use a particular transform set for protecting data flow.
7. Click OK to save the new Crypto Map and display it within the Crypto Map tab.
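A planned Crypto Map entry can be reviewed against the fields in steps b through m before it is entered in the dialog. The following is an added example, not part of the manual or the switch software: the dictionary keys are hypothetical names mirroring the dialog labels, and treating the lifetimes and remote type as required is an assumption.

```python
# Added example. Keys are hypothetical names mirroring the dialog labels;
# they are not the switch's CLI or export format.
MODES = {"Main", "Aggressive"}
REMOTE_TYPES = {"XAuth", "L2TP"}
ID_TYPES = {"None", "Domain Name", "Host Name"}

def review_crypto_map(cm):
    """Return (errors, warnings) for one planned Crypto Map entry (a dict)."""
    errors, warnings = [], []
    if not cm.get("name"):
        errors.append("name: missing")
    id_type = cm.get("id_type")
    if id_type not in ID_TYPES:
        errors.append("id_type: must be None, Domain Name or Host Name")
    elif id_type != "None" and not cm.get("id_value"):
        errors.append("id_value: name required for " + id_type)
    for key in ("sa_lifetime_secs", "sa_lifetime_kb"):
        value = cm.get(key)
        if type(value) is not int or value <= 0:
            errors.append(key + ": must be a positive integer")
    if cm.get("remote_type") not in REMOTE_TYPES:
        errors.append("remote_type: must be XAuth or L2TP")
    if len(cm.get("transform_sets", [])) != 1:
        errors.append("transform_sets: select exactly one")
    mode = cm.get("mode")
    if mode not in MODES:
        errors.append("mode: must be Main or Aggressive")
    elif mode == "Aggressive":
        warnings.append("mode: Aggressive exposes identities and a "
                        "pre-shared-key hash to offline guessing")
    if cm.get("mode_config") and mode != "Aggressive":
        warnings.append("mode_config: set, but Mode is not Aggressive")
    if not cm.get("pfs_group"):
        warnings.append("pfs_group: no PFS group required from the peer")
    return errors, warnings

# Constructed sample entries (not taken from any device).
GOOD = {"name": "hq-to-branch", "id_type": "Host Name",
        "id_value": "vpn.example.net", "sa_lifetime_secs": 3600,
        "sa_lifetime_kb": 4608000, "acl_id": "101", "pfs_group": "2",
        "remote_type": "XAuth", "mode": "Main", "mode_config": False,
        "peers": ["192.0.2.10"], "transform_sets": ["ts-example"]}
RISKY = dict(GOOD, mode="Aggressive", pfs_group="", id_value="",
             transform_sets=[])

if __name__ == "__main__":
    for entry in (GOOD, RISKY):
        print(entry["name"], review_crypto_map(entry))
```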
6.8.4.2 Crypto Map Peers
To review, revise or add Crypto Map peers:
1. Select Security > IPSec VPN from the main menu tree.