Brocade Communications Systems RFS6000 User Manual


Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide

53-1001931-01

Crypto Map config commands

10

Parameters

localid [dn|hostname] <name>

Sets the local identity

dn <name> – Defines the distinguished name (DN)

hostname <name> – Sets the hostname

<name> – The distinguished name or hostname

mode [aggressive|main]

Sets the mode of the tunnels for this Crypto Map

aggressive – Initiates aggressive mode

main – Initiates main mode

peer [ipaddress|<host name>]

Sets the IP address of the peer device. This can be set for multiple remote peers. The remote peer can be either an IP address or a host name. In manual mode, only one remote peer can be added for a crypto map.

IP address – Enter the IP address of the peer device. If not configured, it implies responder only to any peer

<host name> – Displays the host name of the peer

pfs [1|2|5]

Use the set pfs command to choose the type of perfect forward secrecy (if any) required during IPSec negotiation of SAs for this crypto map. Use the no form of this command to require no PFS.

group 1 – IPSec is required to use the Diffie-Hellman Group 1 (768-bit modulus) exchange during IPSec SA key generation

group 2 – IPSec is required to use the Diffie-Hellman Group 2 (1024-bit modulus) exchange during IPSec SA key generation

group 5 – IPSec is required to use Diffie-Hellman Group 5

remote-type [ipsec-l2tp|xauth]

Sets the remote VPN client type

ipsec-l2tp – Specify the remote VPN client as using IPSEC/L2TP

xauth – Specify the remote VPN client as using XAUTH with mode config

security-association [level perhost|lifetime {kilobyte|seconds}]

Defines the lifetime (in kilobytes and/or seconds) of the IPSec SAs created by this crypto map

level perhost – Specifies the security association granularity level for identities

lifetime [kilobyte|seconds] – Security association lifetime
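
The mode, pfs and peer parameters above are the ones worth checking when reviewing a crypto map. The following is an added example, not part of the Brocade guide: a small Python audit that assumes each setting appears on its own line as "<parameter> <value>", optionally prefixed with "set" or "no"; that line shape, the "!" comment prefix, and the sample values are assumptions.

```python
import re

# Modulus sizes as stated in the pfs rows above. Treating 1024 bits or less
# as weak is an assumed policy threshold, not something this manual states.
WEAK_DH_GROUPS = {"1": 768, "2": 1024}
LINE = re.compile(r"^(no\s+)?(?:set\s+)?(\S+)\s*(.*)$")

# Constructed sample settings (assumed line shape, not captured from a device).
SAMPLE = """\
set mode aggressive
set pfs 2
"""


def audit_crypto_map(config_text):
    """Return sorted (parameter, finding) pairs for one crypto map's settings."""
    settings = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):  # skip blank and assumed "!" comment lines
            continue
        negated, name, value = LINE.match(line).groups()
        if negated:  # the "no" form clears the parameter
            settings.pop(name, None)
        else:  # peer may repeat, so keep every value in order
            settings.setdefault(name, []).append(value.strip())

    findings = []
    if settings.get("mode", [""])[-1] == "aggressive":
        findings.append(("mode", "aggressive mode set; use main unless a peer requires it"))
    if "pfs" not in settings:
        findings.append(("pfs", "no PFS required for IPSec SA negotiation"))
    else:
        group = settings["pfs"][-1].replace("group", "").strip()
        if group in WEAK_DH_GROUPS:
            bits = WEAK_DH_GROUPS[group]
            findings.append(("pfs", f"DH group {group} ({bits}-bit modulus); prefer group 5"))
    if "peer" not in settings:
        findings.append(("peer", "no peer configured; responder only to any peer"))
    return sorted(findings)


if __name__ == "__main__":
    for parameter, finding in audit_crypto_map(SAMPLE):
        print(f"{parameter}: {finding}")
```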
