Release Notes
Parameter Description Range Default
peer-ip <ipaddr>
If you are using IKEv1 to establish a site-
to-site VPN to a statically addressed
remote peer, identify the peer device by
enteringIP address of the peer gateway.
NOTE: If you are configuring an IPsec map
for a static-ip controller with a dynamically
addressed remote peer, you must leave
the peer gateway set to its default value of
0.0.0.0.
— —
peer-fqdn
For site-to-site VPNs with dynamically
addressed peers, specify a fully qualified
domain name (FQDN) for the controller.
any-fqdn
fqdn-id
any-fqdn
any-fqdn
If the controller is defined as a
dynamically addressed responder, you
can select any-fqdn to make the
controller a responder for all VPN peers,
— —
fqdn-id <peer-id-fqdn>
Specify the FQDN of a peer to make the
controller a responder for one specific
initiator only.
— —
pre-connect
Enables or disables pre-connection. enable/
disable
disabled
set ike1-policy
<policy-v1-number>
Select an IKEv1 policy for the ipsec-map.
Predefined policies are described in the
table below.
— —
set ikev2-policy
<policy-v2-number>
Select IKEv2 policy for the ipsec-map. Pre-
defined policies are described in the table
below.
— —
set ca-certificate
<cacert-name>
User-defined name of a trusted CA
certificate installed in the controller. Use
the show crypto-local pki TrustedCA
command to display the CA certificates
that have been imported into the
controller.
— —
set pfs
If you enable Perfect Forward Secrecy
(PFS) mode, new session keys are not
derived from previously used session
keys. Therefore, if a key is compromised,
that compromised key will not affect any
previous session keys. To enable this
feature, specify one of the following
Perfect Forward Secrecy modes:
l group1 : 768-bit Diffie Hellman prime
modulus group.
l group2: 1024-bit Diffie Hellman prime
modulus group.
l group14: 2048-bit Diffie Hellman
prime modulus group.
l group19: 256-bit random Diffie
Hellman ECP modulus group. (For
IKEv2 only)
l group20: 384-bit random Diffie
Hellman ECP modulus group. (For
group1
group2
group14
group19
group20
disabled
Dell Networking W-Series ArubaOS 6.4.x | Reference Guide crypto-local ipsec-map | 282