Brocade Communications Systems RFS7000 Network Router User Manual


  Open as PDF
of 839
 
Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide 233
53-1001931-01
Global Configuration commands
5
crypto
Global Configuration commands
Use crypto to define system level local ID for ISAKMP negotiation and to enter the ISAKMP Policy,
ISAKMP Client or ISAKMP Peer command set.
NOTE
crypto isakmp(policy)Priority moves to the
config-crypto-isakmp instance. For more information, see
Crypto-isakmp Instance on page 327.
crypto isakmp client configuration group default moves you to the
config-crypto-group instance. For more details, see
Crypto-group Instance on page 341.
crypto isakmp peer IP Address moves to the
config-crypto-peer instance. For more details, see Crypto-peer Instance on page 351.
crypto ipsec transformset <tag> <value> leads you to
crypto-ipsec. Use the crypto ipsec transform-set command to define the transform
configuration for securing data (for example, esp-3des, esp-sha-hmac, etc.). The transform-set is
assigned to a crypto map using the map’s set transform-set command. For more details, see
Crypto-trustpoint Instance on page 387.
crypto pki trustpoint mode leads to the config-trustpoint instance. For more details, see
Crypto-trustpoint Instance on page 387.
Supported in the following platforms:
Mobility RFS4000 Controller
Mobility RFS6000 Controller
Mobility RFS7000 Controller
Syntax
crypto [ipsec|isakmp|key|map|pki]
crypto ipsec [security-association|transform-set]
crypto ipsec security-association lifetime
[kilobyte|seconds] <lifetime>
crypto ipsec transform-set <transform-set-tag>
[ah-md5-hmac|ah-sha-hmac|esp-3des|esp-aes|esp-aes-192|
esp-aes-256|esp-des|esp-md5-hmac|esp-sha-hmac]
crypto isakmp [client|keepalive|key|peer|policy]
crypto isakmp client configuration group default
crypto isakmp keepalive <10-3600>
crypto isakmp key [0 <secret>|2 <secret>|<secret>]
[address <IP>|hostname <HOST>]
crypto isakmp peer [address <IP>|dn <distinguished-name>|
hostname <HOST>]
crypto isakmp policy <1-10000>
crypto key [export|generate|import|zeroize]
crypto key export rsa <rsa-keypair> <URL>
{<pass-phrase>}
 previous next