crypto ipsec security-association lifetime [kilobytes | seconds] – modifies the global lifetime value used when negotiating IPsec security associations.

crypto map map-name map-number [ipsec-isakmp | ipsec-manual] – creates a crypto map entry. ipsec-isakmp uses IKE to establish the IPsec security associations that protect the traffic. ipsec-manual does not use IKE to establish the IPsec security associations.

crypto map map-name map-number ipsec-manual

➢ match address – specifies the extended access list for the crypto map entry

➢ set transform-set – specifies the transform sets that are used with the crypto map entry

➢ set peer [hostname | ip-address] – specifies the IPsec peer in a crypto map entry

➢ set session-key [inbound | outbound] [ah | esp] spi [cipher] hex-key-data [authenticator] hex-key-data

- inbound – sets the inbound session key

- outbound – sets the outbound session key

- ah – sets the IPsec session key for the AH protocol

- cipher – indicates that the key is to be used with the ESP encryption.

- authenticator – (optional) indicates that the key is to be used with the ESP encryption

crypto map map-name map-number ipsec-isakmp

➢ match address – specifies the extended access list for the crypto map entry

➢ set peer [hostname | ip-address] – specifies the IPsec peer in a crypto map entry

➢ set transform-set – specifies the transform sets that are used with the crypto map entry

➢ set pfs [group1 | group2] – specifies the PFS (perfect forward secrecy) setting. Group 1 is 769-bit and group 2 is 1024-bit

➢ set security-association [level | lifetime]

- level per-host – specifies that IPsec security associations should be requested for each source/destination host pair

- lifetime [seconds | kilobytes] – overrides the global lifetime value that is used when negotiating IPsec security associations.

crypto map dynamic-map dynamic-map-name dynamic-seq-no – creates a dynamic-map entry.

crypto isakmp enable – enables Internet Key Exchange (IKE) on your router.
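
The ipsec-isakmp entry described above, assembled into one configuration as an added example that is not part of the original page. The map name VPNMAP, transform-set name TS1, access list 110, the interface and all addresses are constructed values; the IKE policy and peer authentication that both routers also need are assumed to exist and are not shown.

```cisco
! Constructed example: names, ACL number, interface and addresses are assumptions.
crypto isakmp enable
!
! Global SA lifetimes, used by every crypto map entry unless overridden
crypto ipsec security-association lifetime seconds 3600
crypto ipsec security-association lifetime kilobytes 4608000
!
! Traffic to protect: the extended access list referenced by "match address"
access-list 110 permit ip 192.0.2.0 0.0.0.255 198.51.100.0 0.0.0.255
!
! Transform set referenced by "set transform-set"
crypto ipsec transform-set TS1 esp-3des esp-sha-hmac
!
! IKE-negotiated entry: sequence number 10 in map VPNMAP
crypto map VPNMAP 10 ipsec-isakmp
 match address 110
 set peer 203.0.113.2
 set transform-set TS1
 set pfs group2
 ! Per-entry override of the global time-based lifetime
 set security-association lifetime seconds 1800
!
! The map protects nothing until it is applied to the outbound interface
interface Serial0/0
 crypto map VPNMAP
```

`show crypto map` lists the entry with its peer, access list, transform set, PFS group and lifetimes, which confirms that the per-entry lifetime replaced the global one.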
