218 | crypto-local ipsec-map Dell PowerConnect W-Series ArubaOS 6.2 | Reference Guide
| Parameter | Description | Range | Default |
|---|---|---|---|
| | to-site VPN to a statically addressed remote peer, identify the peer device by entering the IP address of the peer gateway. NOTE: If you are configuring an IPsec map for a static-ip controller with a dynamically addressed remote peer, you must leave the peer gateway set to its default value of 0.0.0.0. | | |
| peer-fqdn | For site-to-site VPNs with dynamically addressed peers, specify a fully qualified domain name (FQDN) for the controller. | any-fqdn, fqdn-id | any-fqdn |
| any-fqdn | If the controller is defined as a dynamically addressed responder, you can select any-fqdn to make the controller a responder for all VPN peers, | | |
| fqdn-id <peer-id-fqdn> | Specify the FQDN of a peer to make the controller a responder for one specific initiator only. | | |
| pre-connect | Enables or disables pre-connection. | enable/disable | disabled |
| set ca-certificate <cacert-name> | User-defined name of a trusted CA certificate installed in the controller. Use the show crypto-local pki TrustedCA command to display the CA certificates that have been imported into the controller. | — | — |
| set pfs | If you enable Perfect Forward Secrecy (PFS) mode, new session keys are not derived from previously used session keys. Therefore, if a key is compromised, that compromised key will not affect any previous session keys. To enable this feature, specify one of the following Perfect Forward Secrecy modes: group1: 768-bit Diffie-Hellman prime modulus group; group2: 1024-bit Diffie-Hellman prime modulus group; group19: 256-bit random Diffie-Hellman ECP modulus group (for IKEv2 only); group20: 384-bit random Diffie-Hellman ECP modulus group (for IKEv2 only). | group1, group2, group19, group20 | disabled |
| set security-association lifetime seconds <seconds> | Configures the lifetime, in seconds, for the security association (SA). | 300-86400 | 7200 seconds |
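
The ranges and defaults in the table above can be checked mechanically against an exported configuration. The following Python sketch is an added example, not part of the guide or of ArubaOS: it audits a constructed configuration excerpt for the set pfs and SA lifetime settings. Assumptions: the map names and priorities in the sample are made up, a "!" line is taken to end a block, and reporting the 768-bit and 1024-bit prime modulus groups is a policy choice of this example.

```python
import re

# Values from the parameter table above.
MODP_BITS = {"group1": 768, "group2": 1024}   # prime modulus groups
ECP_GROUPS = {"group19", "group20"}           # ECP groups (IKEv2 only)
LIFETIME_MIN, LIFETIME_MAX, LIFETIME_DEFAULT = 300, 86400, 7200

# Constructed sample: map names and priorities are made up for this example.
SAMPLE = """\
crypto-local ipsec-map branch-a 100
  peer-fqdn any-fqdn
  set pfs group2
!
crypto-local ipsec-map branch-b 110
  set pfs group20
  set security-association lifetime seconds 120
!
crypto-local ipsec-map branch-c 120
  pre-connect enable
!
"""

def findings(pfs, lifetime):
    out = []
    if pfs is None:
        out.append("pfs disabled (default)")
    elif pfs in MODP_BITS:
        out.append(f"pfs {pfs}: {MODP_BITS[pfs]}-bit prime modulus")
    elif pfs not in ECP_GROUPS:
        out.append(f"unknown pfs group {pfs!r}")
    if not lifetime.isdigit() or not LIFETIME_MIN <= int(lifetime) <= LIFETIME_MAX:
        out.append(f"SA lifetime {lifetime!r} outside {LIFETIME_MIN}-{LIFETIME_MAX}")
    return out

def audit_ipsec_maps(config_text):
    """Return {map label: [findings]} for each crypto-local ipsec-map block."""
    maps, cur = {}, None
    for line in map(str.strip, config_text.splitlines()):
        if line == "!":                      # assumed block terminator
            cur = None
        elif line.startswith("crypto-local ipsec-map "):
            cur = maps.setdefault(line.split(None, 2)[2],
                                  {"pfs": None, "life": str(LIFETIME_DEFAULT)})
        elif cur is None:
            continue
        elif m := re.fullmatch(r"set pfs (\S+)", line):
            cur["pfs"] = m.group(1)
        elif m := re.fullmatch(r"set security-association lifetime seconds (\S+)", line):
            cur["life"] = m.group(1)
    return {name: findings(s["pfs"], s["life"]) for name, s in maps.items()}

if __name__ == "__main__":
    for name, issues in audit_ipsec_maps(SAMPLE).items():
        print(name, issues or "ok")
```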