Concept Guide

318| crypto-local ipsec-map Dell Networking W-Series ArubaOS 6.5.x| Reference Guide
| Policy Name | Policy Number | IKE Version | Encryption Algorithm | Hash Algorithm | Authentication Method | PRF Method | Diffie-Hellman Group |
|---|---|---|---|---|---|---|---|
| Default Suite-B 256 bit ECDSA protection suite | 10009 | IKEv2 | AES-256 | SHA 384-192 | ECDSA-384 Signature | hmac-sha2-384 | Random ECP Group (384 bit) |
| Default Suite-B 128bit IKEv1 ECDSA protection suite | 10010 | IKEv1 | AES-GCM-128 | SHA 256-128 | ECDSA-256 Signature | hmac-sha2-256 | Random ECP Group (256 bit) |
| Default Suite-B 256-bit IKEv1 ECDSA protection suite | 10011 | IKEv1 | AES-GCM-256 | SHA 256-128 | ECDSA-256 Signature | hmac-sha2-256 | Random ECP Group (256 bit) |
When using a default IKE (V1 or V2) policy for an IPsec map, the priority number should be the same as the policy
number.
Examples
The following commands configure a site-to-site VPN between two controllers:
(host) (config) #crypto-local ipsec-map sf-chi-vpn 100
src-net 101.1.1.0 255.255.255.0
dst-net 100.1.1.0 255.255.255.0
peer-ip 172.16.0.254
vlan 1
trusted
(host) (config) #crypto-local ipsec-map chi-sf-vpn 100
src-net 100.1.1.0 255.255.255.0
dst-net 101.1.1.0 255.255.255.0
peer-ip 172.16.100.254
vlan 1
trusted
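The two maps above only form a tunnel if each controller's src-net and dst-net are the reverse of the other's. The following check is an added example, not part of the reference guide or of ArubaOS: it parses the two stanzas (embedded here as constructed sample input) and reports any selector mismatch. The function names `parse_ipsec_map` and `mirror_problems` are hypothetical.

```python
import ipaddress

# Constructed input: the two stanzas from the example above, one per controller.
SF_CHI = """(host) (config) #crypto-local ipsec-map sf-chi-vpn 100
src-net 101.1.1.0 255.255.255.0
dst-net 100.1.1.0 255.255.255.0
peer-ip 172.16.0.254
vlan 1
trusted"""
CHI_SF = """(host) (config) #crypto-local ipsec-map chi-sf-vpn 100
src-net 100.1.1.0 255.255.255.0
dst-net 101.1.1.0 255.255.255.0
peer-ip 172.16.100.254
vlan 1
trusted"""

def parse_ipsec_map(text):
    """Parse one crypto-local ipsec-map stanza into a dict (hypothetical helper)."""
    m = {}
    for raw in text.splitlines():
        tok = raw.split("#", 1)[-1].split()  # drop a leading CLI prompt, if any
        if tok[:2] == ["crypto-local", "ipsec-map"] and len(tok) == 4:
            m["name"], m["priority"] = tok[2], int(tok[3])
        elif tok and tok[0] in ("src-net", "dst-net") and len(tok) == 3:
            # ip_network raises ValueError if the address has host bits set
            m[tok[0]] = ipaddress.ip_network(f"{tok[1]}/{tok[2]}")
        elif tok and tok[0] == "peer-ip" and len(tok) == 2:
            m["peer-ip"] = ipaddress.ip_address(tok[1])
    return m

def mirror_problems(a, b):
    """Return reasons why maps a and b (one per controller) are not mirror images."""
    missing = [f"{m.get('name', '?')}: no {k}" for m in (a, b)
               for k in ("src-net", "dst-net", "peer-ip") if k not in m]
    if missing:
        return missing
    problems = []
    if a["src-net"] != b["dst-net"]:
        problems.append(f"{a['name']} src-net {a['src-net']} != {b['name']} dst-net {b['dst-net']}")
    if a["dst-net"] != b["src-net"]:
        problems.append(f"{a['name']} dst-net {a['dst-net']} != {b['name']} src-net {b['src-net']}")
    if a["peer-ip"] == b["peer-ip"]:
        problems.append("both maps name the same peer-ip; each should point at the other controller")
    return problems

if __name__ == "__main__":
    issues = mirror_problems(parse_ipsec_map(SF_CHI), parse_ipsec_map(CHI_SF))
    print("OK: selectors mirror each other" if not issues else "\n".join(issues))
```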
For a dynamically addressed controller that initiates IKE Aggressive-mode for a site-to-site VPN:
(host) (config) #crypto-local ipsec-map <name> <priority>
src-net <ipaddr> <mask>
dst-net <ipaddr> <mask>
peer-ip <ipaddr>
local-fqdn <local_id_fqdn>
vlan <id>
pre-connect enable|disable
trusted enable
For the Pre-shared-key: