Brocade Mobility RFS Controller CLI Reference Guide (Supporting software release 5.5.0.0 and later) User Manual

Page 632

Brocade Mobility RFS Controller CLI Reference Guide

619

53-1003098-01

crypto map test 1 ipsec-isakmp

use ip-access-list test

security-association level perhost

peer 1 ikev2 ikev2Peer1

local-endpoint-ip 192.168.13.10

pfs 5

security-association lifetime kilobytes 250000

security-association inactivity-timeout 200

transform-set AutoVPN

ip nat crypto

rfs4000-229D58(config-device-00-23-68-22-9D-58-cryptomap-test#1)#

Remote VPN client:

rrfs4000-229D58(config-device-00-23-68-22-9D-58-cryptomap-test#2)#use

ip-access-list test1

rfs4000-229D58(config-device-00-23-68-22-9D-58-cryptomap-test#2)#show context

' crypto map test 2 ipsec-isakmp dynamic

use ip-access-list test1

peer 1 ikev1 RemoteIKEv1Peer1

local-endpoint-ip 157.235.204.62

pfs 14

security-association lifetime seconds 10000

transform-set RemoteVPN

remote-type none

rfs4000-229D58(config-device-00-23-68-22-9D-58-cryptomap-test#2)#

crypto-map auto-vpn-tunnel/remote-vpn-client instance

Removes or reverts the auto site-to-site VPN tunnel or remote VPN client settings

Supported in the following platforms:

•

Access Points — Brocade Mobility 650 Access Point, Brocade Mobility 6511 Access Point,
Brocade Mobility 1220 Access Point, Brocade Mobility 71XX Access Point, Brocade
Mobility 1240 Access Point

•

Wireless Controllers — Brocade Mobility RFS4000, Brocade Mobility RFS6000, Brocade
Mobility RFS7000

•

Service Platforms — Brocade Mobility RFS9510

Syntax:

transform-set|use]

Parameters

transform-set|use]

no ip

Disables this setting to utilize IP/Port NAT on the auto site-to-site VPN tunnel

no local-endpoint-ip

Removes the configured IP as local tunnel endpoint address

no modeconfig

Resets the remote VPN client’s mode config method to default (push)

no peer

Removes the configured IKEv1 or IKEv2 peer for the auto site-to-site VPN tunnel or remote VPN client