crypto map ipsec

To define IKE Phase 2 Proposal providing encryption and determining authentication algorithm, mode of transaction, and lifetime as parameters, use the crypto map ipsec command in Crypto Map Configuration Mode.

crypto map ipsec

crypto map ipsec { {authentication ( } { ah | } { esp | } { encryption) | } { lifetime ( } { hrs | } { mins | } { secs) } { | pfs } { (group1 | } { group14 | } { group2 | } { group5) | } { lifetime ( } { hrs | } { mins | } { secs)} }

Parameters

Parameter Type Description
authentication   Select an IPSec security protocol
ah   Specify authentication header (AH) algorithm related information
esp   Specify encapsulating security payload (ESP) algorithm related information
encryption   Specify encryption related configuration
lifetime   Specify specifies lifetime related configuration
hrs   Specify lifetime in hrs
mins   Specify lifetime in mins
secs   Specify lifetime in secs
pfs   Enables Perfect Forward Secrecy (PFS) related configuration
group1   Specifies IKE group1 related information.
group14   Specifies IKE group14 related information.
group2   Specifies IKE group2 related information.
group5   Specifies IKE group5 related information.
lifetime   Specify specifies lifetime related configuration
hrs   Specify lifetime in hrs
mins   Specify lifetime in mins
secs   Specify lifetime in secs

Mode

Crypto Map Configuration Mode

Examples

iS5comm# configure terminal

iS5comm (config)# crypto map cybsec

iS5comm (config-crypto map)# crypto map ipsec lifetime secs 2

Parent topic: IPSec Policy Configuration