Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide 381
53-1001931-01
Crypto Map config commands 10
Parameters
localid [dn|hostname]
<name>
Sets the local identity
dn <name> Defines the distinguished dn name
hostname <name> Sets the hostname
<name> – The distinguished name or hostname
mode [aggressive|main] Sets the mode of the tunnels for this Crypto Map
aggressive Initiates aggressive mode
main – Initiates main mode
peer [ipaddress|
<host name>]
Sets the IP address of the peer device. This can be set for multiple
remote peers. The remote peer can be either an IP address.
In manual mode, only one remote peer can be added for a crypto
map
IP address – Enter the IP address of the peer device. If not
configured, it implies responder only to any peer
<host name> – Displays host name of the peer
pfs [1|2|5] Use the set pfs command to choose the type of perfect forward
secrecy (if any) required during IPSec negotiation of SAs for this
crypto map. Use the no form of this command to require no PFS.
group 1 – IPSec is required to use the Diffie-Hellman Group 1
(768-bit modulus) exchange during IPSec SA key generation
group 2 – IPSec is required to use the Diffie-Hellman Group 2
(1024-bit modulus) exchange during IPSec SA key
generation
group 5IPSec is required to use Diffie-Hellman Group 5
remote-type [ipsec-l2tp|
xauth]
Sets the remote VPN client type
ipsec-l2tp – Specify the remote VPN client as using
IPSEC/L2TP
xauth – Specify the remote VPN client as using XAUTH with
mode config
security-association [level
perhost|lifetime
{kilobyte|seconds}]
Defines the lifetime (in kilobytes and/or seconds) of the IPSec SAs
created by this crypto map
level perhost Specifies the security association granularity
level for identities
lifetime [kilobyte|seconds] Security an association lifetime