Release Notes

Parameter / Description / Range / Default

Parameter: peer-ip <ipaddr>
Description: If you are using IKEv1 to establish a site-to-site VPN to a statically addressed remote peer, identify the peer device by entering the IP address of the peer gateway.
NOTE: If you are configuring an IPsec map for a static-ip controller with a dynamically addressed remote peer, you must leave the peer gateway set to its default value of 0.0.0.0.

Parameter: peer-fqdn
Description: For site-to-site VPNs with dynamically addressed peers, specify a fully qualified domain name (FQDN) for the controller.
Range: any-fqdn, fqdn-id
Default: any-fqdn

    Parameter: any-fqdn
    Description: If the controller is defined as a dynamically addressed responder, you can select any-fqdn to make the controller a responder for all VPN peers,

    Parameter: fqdn-id <peer-id-fqdn>
    Description: Specify the FQDN of a peer to make the controller a responder for one specific initiator only.

Parameter: pre-connect
Description: Enables or disables pre-connection.
Range: enable/disable
Default: disabled

Parameter: set ike1-policy <policy-v1-number>
Description: Select an IKEv1 policy for the ipsec-map. Predefined policies are described in the table below.

Parameter: set ikev2-policy <policy-v2-number>
Description: Select an IKEv2 policy for the ipsec-map. Predefined policies are described in the table below.

Parameter: set ca-certificate <cacert-name>
Description: User-defined name of a trusted CA certificate installed in the controller. Use the show crypto-local pki TrustedCA command to display the CA certificates that have been imported into the controller.

Parameter: set pfs
Description: If you enable Perfect Forward Secrecy (PFS) mode, new session keys are not derived from previously used session keys. Therefore, if a key is compromised, that compromised key will not affect any previous session keys. To enable this feature, specify one of the following Perfect Forward Secrecy modes:
- group1: 768-bit Diffie-Hellman prime modulus group.
- group2: 1024-bit Diffie-Hellman prime modulus group.
- group14: 2048-bit Diffie-Hellman prime modulus group.
- group19: 256-bit random Diffie-Hellman ECP modulus group. (For IKEv2 only)
- group20: 384-bit random Diffie-Hellman ECP modulus group. (For
Range: group1, group2, group14, group19, group20
Default: disabled
Dell Networking W-Series ArubaOS 6.4.x | Reference Guide crypto-local ipsec-map | 282
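The following added example (not part of the reference guide) audits ipsec-map stanzas against the set pfs values in the table above: it flags maps that leave PFS disabled, maps that use the 768-bit or 1024-bit groups, and maps that select an IKEv2-only ECP group without an IKEv2 policy. The stanza layout, map names and policy numbers in the sample are constructed, and treating group1 and group2 as weak is this example's assumption.

```python
import re

# Assumption of this example: the 768-bit and 1024-bit MODP groups are weak.
WEAK_PFS = {"group1": "768-bit MODP", "group2": "1024-bit MODP"}
IKEV2_ONLY = {"group19", "group20"}  # per the table: "For IKEv2 only"

# Constructed sample. The layout (header line followed by indented
# sub-commands) and the policy numbers are assumptions, not guide output.
SAMPLE_CONFIG = """\
crypto-local ipsec-map branch-a 100
  set ike1-policy 1
  set pfs group2
crypto-local ipsec-map branch-b 110
  peer-fqdn any-fqdn
  set ikev2-policy 2
crypto-local ipsec-map branch-c 120
  set ike1-policy 1
  set pfs group19
crypto-local ipsec-map branch-d 130
  set ikev2-policy 2
  set pfs group20
"""

def check_map(lines):
    issues = []
    pfs = next((l.split()[2] for l in lines if l.startswith("set pfs ")), None)
    ikev2 = any(l.startswith("set ikev2-policy") for l in lines)
    if pfs is None:
        issues.append("PFS disabled (table default)")
    elif pfs in WEAK_PFS:
        issues.append(f"weak PFS group {pfs} ({WEAK_PFS[pfs]})")
    elif pfs in IKEV2_ONLY and not ikev2:
        issues.append(f"{pfs} is IKEv2-only but no ikev2-policy is set")
    if "peer-fqdn any-fqdn" in lines:
        issues.append("any-fqdn: responds to all VPN peers")
    return issues

def audit_ipsec_maps(config):
    """Return {map_name: [findings]} for every ipsec-map stanza."""
    maps, current = {}, None
    for line in config.splitlines():
        header = re.match(r"crypto-local ipsec-map (\S+) \d+$", line.strip())
        if header:
            current = maps.setdefault(header.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # a non-indented line ends the stanza
    return {name: check_map(sub) for name, sub in maps.items()}
```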