Release Notes

281 | crypto-local ipsec-map Dell Networking W-Series ArubaOS 6.4.x| Reference Guide
crypto-local ipsec-map
crypto-local
crypto-local ipsec-map <map> <priority>
   dst-net <ipaddr> <mask>
   force-natt
   no ...
   local-fqdn <local_id_fqdn>
   peer-cert-dn <peer-dn>
   peer-fqdn any-fqdn|{peer-fqdn <peer-id-fqdn>}
   peer-ip <ipaddr>
   pre-connect {disable|enable}
   set ca-certificate <cacert-name>
   set ike1-policy <policy-v1-number>
   set ikev2-policy <policy-v2-number>
   set pfs {group1|group2|group14|group19|group20}
   set security-association lifetime kilobytes <kilobytes>
   set security-association lifetime seconds <seconds>
   set server-certificate <cert-name>
   set transform-set <name1> [<name2>] [<name3>] [<name4>]
   src-net <ipaddr> <mask>
   trusted {disable|enable}
   version v1|v2
   vlan <vlan>
Description
This command configures IPsec mapping for site-to-site VPN.
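Added example (not part of the guide or of ArubaOS): a short Python check that parses crypto-local ipsec-map stanzas written with the sub-commands listed above and flags an out-of-range priority, version v1, and a missing or weak set pfs group. The stanza layout (indented sub-commands, "!" separators), the sample names and values, and treating an absent set pfs line as PFS not being requested are assumptions; rating group1 and group2 as weak is general IKE guidance, not a statement from this guide.

```python
import re

WEAK_PFS = {"group1": "768-bit MODP", "group2": "1024-bit MODP"}  # general IKE facts
# Constructed sample; map names and the indented layout are assumptions.
SAMPLE = """\
crypto-local ipsec-map branch-a 100
   version v1
   set pfs group2
!
crypto-local ipsec-map branch-b 200
   version v2
   set pfs group19
!
crypto-local ipsec-map branch-c 99999
   set pfs group20
   no set pfs
"""

def parse_maps(text):
    """Return {map: {keyword: args}}; later lines override, 'no' removes a setting."""
    maps, cfg = {}, None
    for raw in text.splitlines():
        head, tok = re.match(r"crypto-local ipsec-map (\S+) (\d+)\s*$", raw), raw.split()
        if head:
            cfg = maps[head.group(1)] = {"_priority": int(head.group(2))}
        elif cfg is not None and tok and raw[0].isspace():
            negated = tok[0] == "no"
            tok = tok[1:] if negated else tok
            n = 2 if tok[:1] == ["set"] else 1  # "set pfs" style keywords span two words
            if negated:
                cfg.pop(" ".join(tok[:n]), None)
            elif tok:
                cfg[" ".join(tok[:n])] = tok[n:]
        elif tok:
            cfg = None  # any other top-level line (such as "!") closes the stanza
    return maps

def audit(text):
    """Return (map, finding) pairs in file order."""
    out = []
    for name, cfg in parse_maps(text).items():
        if not 1 <= cfg["_priority"] <= 9998:  # range given in the parameter table
            out.append((name, f"priority {cfg['_priority']} outside 1-9998"))
        if cfg.get("version") == ["v1"]:
            out.append((name, "IKEv1 selected"))
        pfs = (cfg.get("set pfs") or [None])[0]
        if pfs is None or pfs in WEAK_PFS:
            out.append((name, f"weak PFS {pfs} ({WEAK_PFS[pfs]})" if pfs else "no PFS group set"))
    return out
```

Calling audit(SAMPLE) reports branch-a for IKEv1 and group2, and branch-c for its priority and for the PFS group that the later "no set pfs" line removes.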
Syntax
| Parameter | Description | Range | Default |
| --- | --- | --- | --- |
| <map> | Name of the IPsec map. | | |
| <priority> | Priority of the entry. | 1-9998 | |
| dst-net | IP address and netmask for the destination network. | | |
| force-natt | Include this parameter to always enforce UDP 4500 for IKE and IPsec. This option is disabled by default. | | |
| no | Negates a configured parameter. | | |
| local-fqdn <local_id_fqdn> | If the local controller has a dynamic IP address, you must specify the fully qualified domain name (FQDN) of the controller to configure it as an initiator of IKE aggressive-mode. | | |
| peer-cert-dn <peer-dn> | If you are using IKEv2 to establish a site-to-site VPN to a statically addressed remote peer, identify the peer device by entering its certificate subject name in the Peer Certificate Subject Name field | | |