Table of Contents
Advertisement
▀ Manual Crypto Map Configuration
<
map_name
<
acl_name
Tunnel Failover feature and match the crypto map to a previously defined crypto ACL. This is an optional
parameter.
The length of the configured key must match the configured algorithm.
<
group_name
the IPSec Tunnel Failover feature. This is an optional parameter.
For more information on parameters, refer to the Crypto Map Manual Configuration Mode Commands chapter in
the Command Line Interface Reference.
Verifying the Manual Crypto Map Configuration
These instructions are used to verify the manual crypto map configuration.
Step 1
Verify that your manual crypto map configurations by entering the following command in Exec Mode in specific
context:
show crypto map [ tag map_name | type ipsec-manual ]
This command produces an output similar to that displayed below that displays the configuration of a crypto map named
test_map.
Map Name : test_map
========================================
Payload :
crypto_acl1: permit tcp host 1.2.3.4 gt 30 any
Crypto map Type : manual(static)
Transform : test1
Encaps mode: TUNNEL
Transmit Flow
Protocol : ESP
SPI : 0x102 (258)
Hmac : md5, key: 23d32d23cs89
Cipher : 3des-cbc, key: 1234asd3c3d
Receive Flow
Protocol : ESP
SPI : 0x101 (257) Hmac : md5, key: 008j90u3rjp
▄ Cisco ASR 5000 Series 3G Home NodeB Gateway Administration Guide
162
> is name by which the manual crypto map will be recognized by the system.
> is name of the pre-configured ACL. It is used for configurations not implementing the IPSec
> is name of the Crypto group configured in the same context. It is used for configurations using
IP Security
OL-25069-03
Advertisement
Table of Contents
