HP 7000 dl Router manual Copyright 2005 Hewlett-Packard Development Company, L.P 408

match address <listname>

Use the match address command to assign an IP access-list to a crypto map definition. The access-list designates the IP packets to be encrypted by this crypto map. See ip access-list extended <listname> on page 250 for more information on creating access-lists.

Syntax Description

Default Values

By default, no IP access-lists are defined.

Command Modes

(config-crypto-map)# Crypto Map Configuration Mode (IKE or Manual)

Functional Notes

Crypto map entries do not directly contain the selectors used to determine which data to secure. Instead, the crypto map entry refers to an access control list. An access control list (ACL) is assigned to the crypto map using the match address command (see crypto map on page 232). If no ACL is configured for a crypto map, then the entry is incomplete and will have no effect on the system.

The entries of the ACL used in a crypto map should be created with respect to traffic sent by the product. The source information must be the local product, and the destination must be the peer.

Only extended access-lists can be used in crypto maps.

Usage Examples

The following example shows setting up an access-list (called NewList) and then assigning the new list to a crypto map (called NewMap):

(config)#ip access-list extended NewList

Configuring New Extended ACL "NewList"

(config-ext-nacl)#exit

(config)#crypto map NewMap 10 ipsec-manual (config-crypto-map)#match address NewList