Cisco Systems C7200 Network Cables User Manual


 
4-14
C7200 VSA (VPN Services Adapter) Installation and Configuration Guide
OL-9129-02
Chapter 4 Configuring the VSA
Configuration Tasks
To add a dynamic crypto map set into a crypto map set, use the following command in global
configuration mode:

Command: Router(config)# crypto map map-name seq-num ipsec-isakmp dynamic dynamic-map-name
Purpose: Adds a dynamic crypto map set to a static crypto map set.

Applying Crypto Map Sets to Interfaces

Apply a crypto map set to each interface through which IPSec traffic will flow. Crypto maps instruct the
router to evaluate the interface traffic against the crypto map set and use the specified policy during
connection or security association negotiation on behalf of traffic to be protected by crypto.

To apply a crypto map set to an interface, use the following command in interface configuration mode:

Command: Router(config-if)# crypto map map-name
Purpose: Applies a crypto map set to an interface.

To specify redundant interfaces and name an identifying interface, use the following command in global
configuration mode:

Command: Router(config)# crypto map map-name local-address interface-id
Purpose: Permits redundant interfaces to share the same crypto map, using the same local identity.

Monitoring and Maintaining IPSec

To clear (and reinitialize) IPSec security associations, use one of the following commands in EXEC or
enable mode (see “Using the EXEC Command Interpreter” section on page 4-2 for more details):

Command:
  Router# clear crypto sa
  or
  Router# clear crypto sa counters
  or
  Router# clear crypto sa peer {ip-address | peer-name}
  or
  Router# clear crypto sa map map-name
  or
  Router# clear crypto sa spi destination-address protocol spi
Purpose: Clears IPSec security associations.

Note: Using the clear crypto sa command without parameters will clear out the full SA database,
which will clear out active security sessions. You may also specify the peer, map, or spi keywords
to clear out only a subset of the SA database. For more information, see the clear crypto sa
command.
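
The commands above combined into one configuration, as an added example that is not part of the original guide. The names (TS-AES, DYN-VSA, VPN-MAP), ACL number, addresses and interfaces are constructed for illustration. The dynamic entry is given the highest sequence number so the static entry is evaluated first, and the clear command is scoped to one peer so other active sessions are left in place.

```cisco
! Constructed example: all names, addresses and interface numbers are assumptions.
crypto ipsec transform-set TS-AES esp-aes esp-sha-hmac
!
access-list 110 permit ip 10.1.0.0 0.0.255.255 10.2.0.0 0.0.255.255
!
! Dynamic crypto map set for peers whose address is not known in advance
crypto dynamic-map DYN-VSA 10
 set transform-set TS-AES
!
! Static entry for the known peer
crypto map VPN-MAP 10 ipsec-isakmp
 set peer 192.0.2.10
 set transform-set TS-AES
 match address 110
!
! Add the dynamic crypto map set to the static set, at the lowest priority
crypto map VPN-MAP 65535 ipsec-isakmp dynamic DYN-VSA
!
! Redundant interfaces share the map and use Loopback0 as the local identity
crypto map VPN-MAP local-address Loopback0
!
interface Loopback0
 ip address 198.51.100.1 255.255.255.255
!
interface GigabitEthernet0/1
 crypto map VPN-MAP
!
interface GigabitEthernet0/2
 crypto map VPN-MAP
!
end
!
! EXEC mode: reinitialize only the SAs for one peer, then confirm the result.
! Router# clear crypto sa peer 192.0.2.10
! Router# show crypto ipsec sa peer 192.0.2.10
```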