To navigate to the automatic IPSec manual VPN tunnel configuration instance, use the following command:
In the device-config mode:
<DEVICE>(config-device-<DEVICE-MAC>)#crypto map <CRYPTO-MAP-TAG> <1-1000> ipsec-manual
In the profile-config mode:
<DEVICE>(config-profile-<PROFILE-NAME>)#crypto map <CRYPTO-MAP-TAG> <1-1000> ipsec-manual
nx9500-6C8809(config-device-B4-C7-99-6C-88-09-cryptomap-test#3)#
nx9500-6C8809(config-device-B4-C7-99-6C-88-09-cryptomap-test#3)#?
Manual Crypto Map Configuration commands:
local-endpoint-ip Use this IP as local tunnel endpoint address, instead
of the interface IP (Advanced Configuration)
mode Set the tunnel mode
no Negate a command or set its defaults
peer Set peer
security-association Set security association parameters
session-key Set security session key parameters
use Set setting to use
clrscr Clears the display screen
commit Commit all changes made in this session
do Run commands from Exec mode
end End current mode and change to EXEC mode
exit End current mode and down to previous mode
help Description of the interactive help system
revert Revert changes
service Service Commands
show Show running system information
write Write running configuration to memory or terminal
nx9500-6C8809(config-device-B4-C7-99-6C-88-09-cryptomap-test#3)#
The following table summarizes IPSec manual VPN tunnel configuration mode commands:
| Command | Description |
|---|---|
| local-endpoint-ip | Uses the configured IP as local tunnel endpoint address, instead of the interface IP (Advanced Configuration) |
| mode | Sets the tunnel mode |
| peer | Sets the peer device‘s IP address |
| security-association | Defines the lifetime (in kilobytes and/or seconds) of IPSec SAs created by a crypto map |
| session-key | Defines encryption and authentication keys for a crypto map |
| use | Uses the configured IP access list |
| no | Removes or reverts crypto map IPSec manual settings |