Chapter 4 Configuring the VSA
Configuration Tasks
| Command | Purpose |
|
|
|
Step 4 | Specifies which transform set should be used. | |
| This must be the same transform set that is specified | |
|
| |
|
| in the corresponding crypto map entry on the remote |
|
| peer . |
|
| (Only one transform set can be specified when IKE is |
|
| not used.) |
|
|
|
Step 5 | Sets the AH Security Parameter Indexes (SPIs) and | |
| spi | keys to apply to inbound and outbound protected |
|
| traffic if the specified transform set includes the AH |
| and | protocol. |
| (This manually specifies the AH security association | |
| spi | to be used with protected traffic.) |
|
|
|
Step 6 | Sets the ESP Security Parameter Indexes (SPIs) and | |
| spi cipher | keys to apply to inbound and outbound protected |
| traffic if the specified transform set includes the ESP | |
|
| |
| and | protocol. Specifies the cipher keys if the transform |
| set includes an ESP cipher algorithm. Specifies the | |
| ||
| authenticator keys if the transform set includes an | |
| esp spi cipher | |
| ESP authenticator algorithm. | |
| ||
|
| |
|
| (This manually specifies the ESP security association |
|
| to be used with protected traffic.) |
|
|
|
Step 7 | Exits | |
|
| global configuration mode. |
|
|
|
To create crypto map entries that will use IKE to establish the security associations, use the following commands starting in global configuration mode:
| Command | Purpose |
|
|
|
Step 1 | Router(config)# crypto map | Names the crypto map entry to create (or modify). |
| This command puts you into the crypto map | |
|
| |
|
| configuration mode. |
|
|
|
Step 2 | Names an extended access list. This access list | |
| determines which traffic should be protected by | |
|
| IPSec and which traffic should not be protected by |
|
| IPSec security in the context of this crypto map entry. |
|
|
|
Step 3 | Specifies a remote IPSec peer. This is the peer to | |
| which IPSec protected traffic can be forwarded. | |
|
| Repeat for multiple remote peers. |
|
|
|
Step 4 | Specifies which transform sets are allowed for this | |
| crypto map entry. List multiple transform sets in | |
| order of priority (highest priority first). | |
|
| |
|
|
|
C7200 VSA (VPN Services Adapter) Installation and Configuration Guide
|
| ||
|
|