Set security-association level per-host, Set transform-set – Enterasys Networks X-Pedition XSR CLI User Manual

Crypto Map Mode Commands

14-114 Configuring the VPN

set security-association level per-host

This command specifies that separate IPSec Security Associations (SAs) should be requested for 
each source/destination host pair.

Syntax

set security-association level per-host

Syntax of the “no” Form

The no form specifies that one SA should be requested for each crypto map ACL permit entry.

no set security-association level per-host

Default

For a given crypto map, all traffic between two IPSec peers matching a single crypto map ACL 
permit entry will share the same SA.

Mode

Crypto Map configuration: 

XSR(config-crypto-m)#

Example

The following example sets the SA request on a per‐host basis:

XSR(config)crypto map ACMEmap
XSR(config-crypto-m)#set security-association level per-host

set transform-set

This command specifies which transform‐sets can be used with the crypto map entry.

Syntax

set transform-set transform-set-name1 [transform-set-name2...transform-set-name6]

Syntax of the “no” Form

The no form of this command  removes all transform‐sets from a crypto map entry:

no set transform-set

Mode

Crypto Map configuration: 

XSR(config-crypto-m)#

transform-set-name

Name of the transform‐set. Up to 6 can be specified.