crypto-auto-ipsec-tunnel commands


Creates an auto IPSec VPN tunnel and changes the mode to auto-ipsec-secure mode for further configuration

Auto IPSec tunneling provides a secure tunnel between two networked peer controllers or service platforms and associated access points that are within a range of valid IP addresses. You can define which packets are sent within the tunnel, and how they are protected. When a tunneled peer sees a sensitive packet, it creates a secure tunnel and sends the packet through the tunnel to its remote peer destination or associated access point.

Tunnels are sets of SA between two peers. SAs define the protocols and algorithms applied to sensitive packets and specify the keying mechanisms used by tunneled peers. SAs are unidirectional and exist in both the inbound and outbound direction. SAs are established per the rules and conditions of defined security protocols (AH or ESP).

The IKE protocol is a key management protocol used in conjunction with IPSec. IKE enhances IPSec by providing additional features, flexibility, and configuration simplicity for the IPSec standard. IKE enables secure communications without time consuming manual pre-configuration for auto IPSec tunneling.

nx9500-6C8809(config-profile-default-rfs4000)#crypto auto-ipsec-secure
Crypto Auto IPSEC Tunnel commands:
  groupid       Local/Remote identity and Authentication credentials for Auto
                IPSec Secure IKE negotiation
  ike-lifetime  Set lifetime for ISAKMP security association
  ikev2         IKEv2 configuration commands
  ip            Internet Protocol config commands
  no            Negate a command or set its defaults
  remotegw      Auto IPSec Secure Remote Peer IKE

  clrscr        Clears the display screen
  commit        Commit all changes made in this session
  do            Run commands from Exec mode
  end           End current mode and change to EXEC mode
  exit          End current mode and down to previous mode
  help          Description of the interactive help system
  revert        Revert changes
  service       Service Commands
  show          Show running system information
  write         Write running configuration to memory or terminal


The following table summarizes the crypto IPSec auto tunnel configuration mode commands:

Command Description
groupid Specifies the identity string used for IKE authentication
ip Enables the controller or service platform to uniquely identify APs and the hosts present in the AP‘s subnet
ike-lifetime Configures the IKE SA‘s key lifetime in seconds
ikev2 Enables the forced re-authentication of IKEv2 peer
remotegw Defines the IKE version used for an auto IPSec tunnel using secure gateways
no Removes or reverts the crypto auto IPSec tunnel settings