Brocade Mobility RFS Controller CLI Reference Guide (Supporting software release 5.5.0.0 and later) User Manual
53-1003098-01
security-association level perhost
peer 1 ikev2 ikev2Peer1
local-endpoint-ip 192.168.13.10
pfs 5
security-association lifetime kilobytes 250000
security-association inactivity-timeout 200
transform-set AutoVPN
ip nat crypto
rfs4000-229D58(config-device-00-23-68-22-9D-58-cryptomap-test#1)#
Remote VPN client:
rfs4000-229D58(config-device-00-23-68-22-9D-58-cryptomap-test#2)#transform-set RemoteVPN
rfs4000-229D58(config-device-00-23-68-22-9D-58-cryptomap-test#2)#show context
crypto map test 2 ipsec-isakmp dynamic
peer 1 ikev1 RemoteIKEv1Peer1
local-endpoint-ip 157.235.204.62
pfs 14
security-association lifetime seconds 10000
transform-set RemoteVPN
remote-type none
rfs4000-229D58(config-device-00-23-68-22-9D-58-cryptomap-test#2)#
use
crypto-map auto-vpn-tunnel/remote-vpn-client instance
Applies an existing and configured IP access list to the auto site-to-site VPN tunnel or remote VPN
client. Based on the IP access list’s settings, traffic is permitted or denied across the VPN tunnel.
Supported in the following platforms:
• Access Points — Brocade Mobility 650 Access Point, Brocade Mobility 6511 Access Point, Brocade Mobility 1220 Access Point, Brocade Mobility 71XX Access Point, Brocade Mobility 1240 Access Point
• Wireless Controllers — Brocade Mobility RFS4000, Brocade Mobility RFS6000, Brocade Mobility RFS7000
• Service Platforms — Brocade Mobility RFS9510
Syntax:
use ip-access-list
Parameters
use ip-access-list
ip-access-list: Specify the IP access list name.
Example
Site-to-site VPN tunnel:
rfs4000-229D58(config-device-00-23-68-22-9D-58-cryptomap-test#1)#use ip-access-list test
rfs4000-229D58(config-device-00-23-68-22-9D-58-cryptomap-test#1)#show context
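Added example, not part of the Brocade guide: a Python check that parses saved show context output and lists crypto map entries that have no IP access list applied, so tunnels without a traffic filter stand out in a configuration review. The sample text is constructed, the function names are hypothetical, and the script assumes an applied list appears in the context as "use ip-access-list" followed by the list name.

```python
import re

# Constructed sample modelled on the show context listings in this section.
# Assumption: an applied list is shown as "use ip-access-list <name>".
SAMPLE = """\
rfs4000-229D58(config-device-00-23-68-22-9D-58-cryptomap-test#1)#show context
crypto map test 1 ipsec-isakmp
 use ip-access-list test
 peer 1 ikev2 ikev2Peer1
 pfs 5
 transform-set AutoVPN
rfs4000-229D58(config-device-00-23-68-22-9D-58-cryptomap-test#2)#show context
crypto map test 2 ipsec-isakmp dynamic
 peer 1 ikev1 RemoteIKEv1Peer1
 pfs 14
 transform-set RemoteVPN
 remote-type none
"""

HEADER = re.compile(r"^crypto map (\S+) (\d+) (\S+)(?: (dynamic))?$")
PROMPT = re.compile(r"^\S+\(config-[^)]*\)#")  # echoed CLI prompt line

def parse_crypto_maps(text):
    """Return one dict per crypto map entry found in show context output."""
    entries, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER.match(line)
        if header:
            cur = {"map": header.group(1), "seq": int(header.group(2)),
                   "dynamic": header.group(4) is not None,
                   "acl": None, "ike": None, "pfs": None}
            entries.append(cur)
        elif PROMPT.match(line):
            cur = None  # a prompt ends the listing of the current entry
        elif cur is not None:
            words = line.split()
            if words[:2] == ["use", "ip-access-list"] and len(words) == 3:
                cur["acl"] = words[2]
            elif words[:1] == ["peer"] and len(words) >= 3:
                cur["ike"] = words[2]
            elif words[:1] == ["pfs"] and len(words) == 2:
                cur["pfs"] = int(words[1])
    return entries

def entries_without_acl(text):
    """List (map name, sequence) for entries with no access list applied."""
    return [(e["map"], e["seq"]) for e in parse_crypto_maps(text) if e["acl"] is None]

if __name__ == "__main__":
    for name, seq in entries_without_acl(SAMPLE):
        print(f"crypto map {name} {seq}: no IP access list applied")
```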