SROS Command Line Interface Reference Guide

Crypto Map Manual Command Set

match address <listname>

Use the match address command to assign an IP access-list to a crypto map definition. The access-list designates the IP packets to be encrypted by this crypto map. See ip access-list extended <listname> on page 250 for more information on creating access-lists.

Syntax Description

<listname>

Enter the name of the access-list you wish to assign to this crypto map.

Default Values

By default, no IP access-lists are defined.

Command Modes

(config-crypto-map)# Crypto Map Configuration Mode (IKE or Manual)

Functional Notes

Crypto map entries do not directly contain the selectors used to determine which data to secure. Instead, the crypto map entry refers to an access control list. An access control list (ACL) is assigned to the crypto map using the match address command (see crypto map on page 232). If no ACL is configured for a crypto map, then the entry is incomplete and will have no effect on the system.

The entries of the ACL used in a crypto map should be created with respect to traffic sent by the product. The source information must be the local product, and the destination must be the peer.

Only extended access-lists can be used in crypto maps.

Usage Examples

The following example shows setting up an access-list (called NewList) and then assigning the new list to a crypto map (called NewMap):

(config)#ip access-list extended NewList

Configuring New Extended ACL "NewList"

(config-ext-nacl)#exit

(config)#crypto map NewMap 10 ipsec-manual

(config-crypto-map)#match address NewList
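
The Functional Notes above describe entries that will not select any traffic for encryption. The following check over saved configuration text flags them; it is an added example, not part of the HP guide. It assumes the configuration uses the command forms shown on this page; the "standard" list-type keyword and the names MgmtHosts, BranchMap and Missing are constructed for illustration.

```python
import re

# Constructed sample (not from the guide); "standard" as a list type is an assumption.
SAMPLE_CONFIG = """\
ip access-list extended NewList
ip access-list standard MgmtHosts
crypto map NewMap 10 ipsec-manual
match address NewList
crypto map NewMap 20 ipsec-manual
crypto map BranchMap 10 ipsec-manual
match address MgmtHosts
crypto map BranchMap 20 ipsec-manual
match address Missing
"""

ACL_RE = re.compile(r"^ip access-list (\S+) (\S+)$")
MAP_RE = re.compile(r"^crypto map (\S+) (\d+) (\S+)$")
MATCH_RE = re.compile(r"^match address (\S+)$")


def audit_crypto_maps(config_text):
    """Return {(map_name, seq): finding} for entries that will not select traffic."""
    acl_types = {}   # ACL name -> list type keyword ("extended" or other)
    entries = {}     # (map name, sequence) -> assigned ACL name, or None
    current = None   # crypto map entry whose sub-mode we are in
    for raw in config_text.splitlines():
        # Drop a leading CLI prompt such as "(config-crypto-map)#" if present.
        line = re.sub(r"^\([^)]*\)#\s*", "", raw.strip())
        if m := ACL_RE.match(line):
            acl_types[m.group(2)] = m.group(1)
            current = None
        elif m := MAP_RE.match(line):
            current = (m.group(1), int(m.group(2)))
            entries.setdefault(current, None)
        elif (m := MATCH_RE.match(line)) and current is not None:
            entries[current] = m.group(1)
        elif line in ("exit", "!"):
            current = None
    findings = {}
    for key, acl in entries.items():
        if acl is None:
            findings[key] = "no match address: entry is incomplete and has no effect"
        elif acl not in acl_types:
            findings[key] = f"match address {acl}: access-list is not defined"
        elif acl_types[acl] != "extended":
            findings[key] = f"match address {acl}: not an extended access-list"
    return findings
```

Calling audit_crypto_maps(SAMPLE_CONFIG) reports NewMap 20, BranchMap 10 and BranchMap 20, while the NewList/NewMap 10 pairing from the usage example passes.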

5991-2114

© Copyright 2005 Hewlett-Packard Development Company, L.P.

408
