crypto-map-ipsec-isakmp-instance
Applies an existing and configured IP access list to the auto site-to-site VPN tunnel or remote VPN client. Based on the IP access list‘s settings traffic is permitted or denied across the VPN tunnel.
use ip-access-list <IP-ACCESS-LIST-NAME>
use ip-access-list <IP-ACCESS-LIST-NAME>
ip-access-list <IP-ACCESS-LIST-NAME> | Specify the IP access list name. |
Site-to-site VPN tunnel: rfs4000-229D58(config-device-00-23-68-22-9D-58-cryptomap-test#1)#use ip-access-list test rfs4000-229D58(config-device-00-23-68-22-9D-58-cryptomap-test#1)#show context crypto map test 1 ipsec-isakmp use ip-access-list test security-association level perhost peer 1 ikev2 ikev2Peer1 local-endpoint-ip 192.168.13.10 pfs 5 security-association lifetime kilobytes 250000 security-association inactivity-timeout 200 transform-set AutoVPN ip nat crypto rfs4000-229D58(config-device-00-23-68-22-9D-58-cryptomap-test#1)# Remote VPN client: rrfs4000-229D58(config-device-00-23-68-22-9D-58-cryptomap-test#2)#use ip-access-list test1 rfs4000-229D58(config-device-00-23-68-22-9D-58-cryptomap-test#2)#show context ' crypto map test 2 ipsec-isakmp dynamic use ip-access-list test1 peer 1 ikev1 RemoteIKEv1Peer1 local-endpoint-ip 157.235.204.62 pfs 14 security-association lifetime seconds 10000 transform-set RemoteVPN remote-type none rfs4000-229D58(config-device-00-23-68-22-9D-58-cryptomap-test#2)#