beautypg.com

Brocade Mobility RFS Controller CLI Reference Guide (Supporting software release 5.5.0.0 and later) User Manual

Page 633

background image

620

Brocade Mobility RFS Controller CLI Reference Guide

53-1003098-01

7

Example

The following example shows the IPSec site-to-site VPN tunnel ‘test’ settings

before the ‘no’ commands are executed:

rfs4000-229D58(config-device-00-23-68-22-9D-58-cryptomap-test#1)#show context

crypto map test 1 ipsec-isakmp

use ip-access-list test

security-association level perhost

peer 1 ikev2 ikev2Peer1

local-endpoint-ip 192.168.13.10

pfs 5

security-association lifetime kilobytes 250000t

security-association inactivity-timeout 200

transform-set AutVPN

ip nat crypto

rfs4000-229D58(config-device-00-23-68-22-9D-58-cryptomap-test#1)#

rfs4000-229D58(config-device-00-23-68-22-9D-58-cryptomap-test#1)#no use

ip-access-list

rfs4000-229D58(config-device-00-23-68-22-9D-58-cryptomap-test#1)#no

security-association level perhost

rfs4000-229D58(config-device-00-23-68-22-9D-58-cryptomap-test#1)#no ip nat

crypto

rfs4000-229D58(config-device-00-23-68-22-9D-58-cryptomap-test#1)#no pfs

rfs4000-229D58(config-device-00-23-68-22-9D-58-cryptomap-test#1)#no

local-endpoint-ip

The following example shows the IPSec site-to-site VPN tunnel ‘test’ settings

after the ‘no’ commands are executed:

rfs4000-229D58(config-device-00-23-68-22-9D-58-cryptomap-test#1)#show context

crypto map test 1 ipsec-isakmp

peer 1 ikev2 ikev2Peer1

security-association lifetime kilobytes 250000

security-association inactivity-timeout 200

transform-set AutoVPN

rfs4000-229D58(config-device-00-23-68-22-9D-58-cryptomap-test#1)#

The following example shows the IPSec remote VPN client ‘test’ settings before

the ‘no’ commands are executed:

rfs4000-229D58(config-device-00-23-68-22-9D-58-cryptomap-test#2)#show context

crypto map test 2 ipsec-isakmp dynamic

use ip-access-list test2

peer 1 ikev1 RemoteIKEv1Peer1

local-endpoint-ip 157.235.204.62

pfs 14

security-association lifetime seconds 10000

transform-set RemoteVPN

remote-type none

no pfs

Removes the PFS configured for this auto site-to-site VPN tunnel

no remote-type

Resets the remote VPN client type to default (XAUTH)

no security-association

Removes the VPN tunnel or remote VPN client’s IPSec SA settings

no transform-set

Removes the transform set applied to the VPN tunnel or remote VPN client

no use

Removes IP access list applied to the auto site-to-site VPN tunnel or remote VPN client

See also other documents in the category Brocade Computer Accessories: