HP 7000 dl Router instruction

SROS Command Line Interface Reference Guide Frame Relay Sub-Interface Config Command Set

crypto map <mapname>

Use the crypto map command to associate crypto maps with the interface.

When you apply a map to an interface, you are applying all crypto maps with the given map

Note name. This allows you to apply multiple crypto maps if you have created maps which share the same name but have different map index numbers.

	Note	For VPN configuration example scripts, refer to the VPN Configuration Guide located on
	Note	the ProCurve SROS Documentation CD provided with your unit.
		the ProCurve SROS Documentation CD provided with your unit.
	Syntax Description
	<mapname>	Enter the crypto map name that you wish to assign to the interface.

Default Values

By default, no crypto maps are assigned to an interface.

Command Modes

(config-interface)#	Interface Configuration Mode
	Valid interfaces include: Ethernet (eth 0/1), virtual PPP interfaces (ppp 1), virtual
	Frame Relay sub-interfaces (fr 1.20), and loopback interfaces

Functional Notes

When configuring a system to use both the stateful inspection firewall and IKE negotiation for VPN, keep the following notes in mind.

When defining the policy-class and associated access-control lists (ACLs) that describe the behavior of the firewall, do not forget to include the traffic coming into the system over a VPN tunnel terminated by the system. The firewall should be set up with respect to the un-encrypted traffic that is destined to be sent or received over the VPN tunnel. The following diagram represents typical Secure Router OS data-flow logic.

5991-2114

HP 7000 dl Router manual Copyright 2005 Hewlett-Packard Development Company, L.P 601

Models: 7000 dl Router

crypto map <mapname>

the ProCurve SROS Documentation CD provided with your unit.

Syntax Description

Functional Notes

© Copyright 2005 Hewlett-Packard Development Company, L.P.

601