Interface vpn commands, Interface vpn commands -122, Crypto ezipsec – Enterasys Networks X-Pedition XSR CLI User Manual
Page 576: Interface vpn commands interface vpn
Interface VPN Commands
14-122 Configuring the VPN
crypto ezipsec
This command creates a suite of IPSec policies, sorted by cryptographic strength, that are offered
to the remote security gateway. The gateway selects one of these policies based on its local
configuration. EZ‐IPSec relies upon the IKE Mode Configuration protocol to obtain an IP address
from the remote security gateway.
An EZ‐IPSec crypto map is also created and attached to the interface under configuration. Refer to
the XSR User’s Guide for specific examples and how
crypto ezipsec
is used with RIP and NAT.
Be aware of the following rules governing this command:
•
Crypto ezipsec
may not be enabled on an interface that already has a crypto map.
•
Crypto maps may be attached to other network interfaces.
•
EZ‐IPSec parameters cannot be changed but can be supplemented with custom values.
Syntax
crypto ezipsec
Syntax of the “no” Form
no crypto ezipsec
Default
Disabled
Mode
Interface configuration:
XSR(config-if<xx>)#
Example
The following example configures EZ‐IPSec on Serial interface 1:
XSR(config-if<S1/0>)#crypto ezipsec
Interface VPN Commands
interface vpn
This command acquires virtual Interface VPN configuration mode from which you can configure
the following sub‐commands:
•
copy-tos
‐ Copies TOS bits during the encapsulation/decapsulation process. Refer to
•
description -
Describes the VPN interface. Refer to
definition.
•
ip address negotiated -
Requires a site‐to‐site tunnel to obtain an IP address from the
remote tunnel gateway via PPP or IKE Mode Config. Refer to
for the command
definition.