use

crypto-map-ipsec-isakmp-instance

Applies an existing, configured IP access list to the auto site-to-site VPN tunnel or remote VPN client. Traffic is permitted or denied across the VPN tunnel based on the IP access list's settings.

Supported on the following devices:

Syntax

use ip-access-list <IP-ACCESS-LIST-NAME>

Parameters

use ip-access-list <IP-ACCESS-LIST-NAME>
ip-access-list <IP-ACCESS-LIST-NAME> Specify the IP access list name.

Example

Site-to-site VPN tunnel:

nx9500-6C8809(config-device-B4-C7-99-6C-88-09-cryptomap-test#1)#use ip-access-list test

nx9500-6C8809(config-device-B4-C7-99-6C-88-09-cryptomap-test#1)#show context
 crypto map test 1 ipsec-isakmp
  use ip-access-list test
  security-association level perhost
  peer 1 ikev2 ikev2Peer1
  local-endpoint-ip 192.168.13.10
  pfs 5
  security-association lifetime kilobytes 250000
  security-association inactivity-timeout 200
  transform-set AutoVPN
  ip nat crypto
nx9500-6C8809(config-device-B4-C7-99-6C-88-09-cryptomap-test#1)#

Remote VPN client:

nx9500-6C8809(config-device-B4-C7-99-6C-88-09-cryptomap-test#2)#use ip-access-list test1

nx9500-6C8809(config-device-B4-C7-99-6C-88-09-cryptomap-test#2)#show context
 crypto map test 2 ipsec-isakmp dynamic
  use ip-access-list test1
  peer 1 ikev1 RemoteIKEv1Peer1
  local-endpoint-ip 157.235.204.62
  pfs 14
  security-association lifetime seconds 10000
  transform-set RemoteVPN
  remote-type none
nx9500-6C8809(config-device-B4-C7-99-6C-88-09-cryptomap-test#2)#
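
Configuration check (added example, not part of the original reference or the vendor's tooling): the script below parses saved show context output and reports crypto map entries that have no use ip-access-list line. The sample text is constructed from the two outputs above plus a hypothetical entry "test 3"; the function names are assumptions.

```python
import re

# Constructed sample: abridged copies of the two outputs on this page plus a
# hypothetical third entry ("test 3") that has no access list bound.
SAMPLE = """\
 crypto map test 1 ipsec-isakmp
  use ip-access-list test
  peer 1 ikev2 ikev2Peer1
  transform-set AutoVPN
 crypto map test 2 ipsec-isakmp dynamic
  use ip-access-list test1
  peer 1 ikev1 RemoteIKEv1Peer1
  transform-set RemoteVPN
 crypto map test 3 ipsec-isakmp
  peer 1 ikev2 ikev2Peer1
  transform-set AutoVPN
"""

HEADER = re.compile(r"^\s*crypto map (\S+) (\d+) ipsec-isakmp(?: (dynamic))?\s*$")
ACL = re.compile(r"^\s*use ip-access-list (\S+)\s*$")

def parse_crypto_maps(text):
    """Return one dict per crypto map entry found in show-context text."""
    maps, current, indent = [], None, 0
    for line in text.splitlines():
        if not line.strip():
            continue
        depth = len(line) - len(line.lstrip())
        header = HEADER.match(line)
        if header:
            current = {"map": header.group(1), "seq": int(header.group(2)),
                       "dynamic": header.group(3) is not None, "acl": None}
            indent = depth
            maps.append(current)
        elif current is not None and depth <= indent:
            current = None  # prompt line or next section: block has ended
        elif current is not None:
            acl = ACL.match(line)
            if acl:
                current["acl"] = acl.group(1)
    return maps

def maps_without_acl(text):
    """List (map name, sequence) pairs that have no IP access list applied."""
    return [(m["map"], m["seq"]) for m in parse_crypto_maps(text) if m["acl"] is None]

if __name__ == "__main__":
    for m in parse_crypto_maps(SAMPLE):
        print(m["map"], m["seq"], "ACL:", m["acl"] or "NONE BOUND")
```

Prompt lines in a pasted session sit at column 0, so they close the current block and are never mistaken for an applied access list.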