Dell 6.2 Server User Manual


 
292 | Virtual Private Networks Dell PowerConnect W-Series ArubaOS 6.2 | User Guide
lifetime <seconds>
For preshared key authentication:
(host)(config) #crypto-local isakmp key <key> address <ipaddr> netmask <mask>
(host)(config) #crypto isakmp policy <priority>
encryption {3des|aes128|aes192|aes256|des}
version v1|v2
authentication pre-share
group {1|2|19|20}
hash {md5|sha|sha1-96|sha2-256-128|sha2-384-192}
lifetime <seconds>
To configure a site-to-site VPN with a static and a dynamically addressed controller, where the dynamically
addressed controller initiates IKE Aggressive-mode for Site-Site VPN:
(host)(config) #crypto-local ipsec-map <name> <priority>
src-net <ipaddr> <mask>
dst-net <ipaddr> <mask>
peer-ip <ipaddr>
local-fqdn <local_id_fqdn>
vlan <id>
pre-connect enable|disable
trusted enable
For the Pre-shared-key:
(host)(config) #crypto-local isakmp key <key> address <ipaddr> netmask 255.255.255.255
For a static IP controller that responds to IKE Aggressive-mode for Site-Site VPN:
(host)(config) #crypto-local ipsec-map <name2> <priority>
src-net <ipaddr> <mask>
dst-net <ipaddr> <mask>
peer-ip 0.0.0.0
peer-fqdn fqdn-id <peer_id_fqdn>
vlan <id>
trusted enable
For the Pre-shared-key:
(host)(config) #crypto-local isakmp key <key> fqdn <fqdn-id>
For a static IP controller that responds to IKE Aggressive-mode for Site-Site VPN with One PSK for All FQDNs:
(host)(config) #crypto-local ipsec-map <name2> <priority>
src-net <ipaddr> <mask>
peer-ip 0.0.0.0
peer-fqdn any-fqdn
vlan <id>
trusted enable
For the Pre-shared-key for All FQDNs:
(host)(config) #crypto-local isakmp key <key> fqdn-any
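The following is an added example, not part of the Dell guide: a Python check that reads configuration in the command syntax shown above and flags the weaker of the listed ISAKMP policy values, a pre-shared key bound to fqdn-any or to an address range, and an ipsec-map that accepts any-fqdn. The weak-value list, the 20-character key threshold and the sample configuration are assumptions of this example, not vendor guidance.

```python
import re

# Weak choices among the values the page lists. The ranking is this example's
# assumption (common hardening practice), not vendor guidance.
WEAK = {"encryption": {"des", "3des"}, "hash": {"md5"}, "group": {"1", "2"}}
PROMPT = re.compile(r"^\(host\)\s*\(config\)\s*#\s*")
MIN_PSK_LEN = 20  # assumed local policy threshold

def audit(config):
    """Return (context, message) findings for an ArubaOS-style config excerpt."""
    findings, ctx = [], None
    for raw in config.splitlines():
        words = PROMPT.sub("", raw.strip()).split()
        if not words:
            continue
        if words[:3] == ["crypto", "isakmp", "policy"] and len(words) > 3:
            ctx = "policy " + words[3]
        elif words[:2] == ["crypto-local", "ipsec-map"] and len(words) > 2:
            ctx = "ipsec-map " + words[2]
        elif words[:3] == ["crypto-local", "isakmp", "key"] and len(words) > 4:
            ctx = None
            key, scope = words[3], words[4:]
            if len(key) < MIN_PSK_LEN:
                findings.append(("isakmp key", "PSK shorter than %d characters" % MIN_PSK_LEN))
            if scope[0] == "fqdn-any":
                findings.append(("isakmp key", "one PSK shared by all FQDN peers"))
            if "netmask" in scope and scope[-1] != "255.255.255.255":
                findings.append(("isakmp key", "PSK applies to an address range"))
        elif ctx and ctx.startswith("policy") and len(words) == 2:
            if words[1] in WEAK.get(words[0], ()):
                findings.append((ctx, "weak %s %s" % (words[0], words[1])))
        elif ctx and ctx.startswith("ipsec-map") and words == ["peer-fqdn", "any-fqdn"]:
            findings.append((ctx, "responder accepts any peer FQDN"))
    return findings

# Constructed sample input (not from the guide); the key is a placeholder.
SAMPLE = """\
(host)(config) #crypto isakmp policy 10
encryption des
group 2
hash sha2-256-128
(host)(config) #crypto-local ipsec-map branch-any 100
peer-ip 0.0.0.0
peer-fqdn any-fqdn
(host)(config) #crypto-local isakmp key example-psk fqdn-any
"""

if __name__ == "__main__":
    for ctx, msg in audit(SAMPLE):
        print(ctx + ": " + msg)
```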
Detecting Dead Peers
Dead Peer Detection (DPD) is enabled by default on the controller for site-to-site VPNs. DPD, as described in
RFC 3706, “A Traffic-Based Method of Detecting Dead Internet Key Exchange (IKE) Peers,” uses IPsec traffic
patterns to minimize the number of IKE messages required to determine the liveliness of an IKE peer.
To configure DPD parameters, issue the following commands via the command-line interface.