transform-set <setname> <parameters>
crypto ipsec

SROS Command Line Interface Reference Guide

Global Configuration Mode Command Set

 

 

crypto map

Use the crypto map command to define crypto map names and numbers and to enter the associated (either Crypto Map IKE or Crypto Map Manual).

Variations of this command include the following:

crypto map <mapname> <mapindex> ipsec-ike crypto map <mapname> <mapindex> ipsec-manual

Note

For VPN configuration example scripts, refer to the technical support note VPN

 

Configuration Guide located on the ProCurve SROS Documentation CD provided with

 

your unit.

 

 

Syntax Description

<mapname>

Name the crypto map. You can assign the same name to multiple crypto maps, as

 

long as the map index numbers are unique.

<mapindex>

Assign a crypto map sequence number.

ipsec-ike

Enter the Crypto Map IKE (see Crypto Map IKE Command Set on page 396). This

 

supports IPSec entries that will use IKE to negotiate keys.

ipsec-manual

Enter the Crypto Map Manual (see Crypto Map IKE Command Set on page 396).

 

This supports manually configured IPSec entries.

Default Values

There are no default settings for this command.

Command Modes

(config)#

Global Configuration Mode

Functional Notes

Crypto map entries do not directly contain the transform configuration for securing data. Instead, the crypto map is associated with transform sets which contain specific security algorithms (see

on page 230).

Crypto map entries do not directly contain the selectors used to determine which data to secure. Instead, the crypto map entry refers to an access control list. An access control list is assigned to the crypto map using the match address command (see ike-policy <policy number> on page 398).

If no transform-set or access-list is configured for a crypto map, the entry is incomplete and will have no effect on the system.

5991-2114

© Copyright 2005 Hewlett-Packard Development Company, L.P.

232

Page 232
Image 232
HP 7000 dl Router Crypto map, Ipsec-ike, Ipsec-manual