crypto-auto-ipsec-tunnel commands
Defines the IKE version used for auto IPSec tunnel negotiation with an IPSec remote gateway other than the controller.
remotegw ike-version [ikev1-aggr|ikev1-main|ikev2] {uniqueid}
remotegw ike-version | Configures the IKE version used for initiating auto IPSec tunnel with secure gateways other than the controller |
ikev1-aggr | Aggregation mode is used by the auto IPSec tunnel initiator to set up the connection |
ikev1-main | Main mode is used by the auto IPSec tunnel initiator to establish the connection |
ikev2 | IKEv2 is the preferred method when only a wireless controller/AP is used |
uniqueid | This keyword is common to all of the above parameters. Providing a unique ID enables the access point, wireless controller, or service platform to uniquely identify the destination device. This is essential in networks where there are multiple APs behind a router, or when two (or more) APs behind two (or more) different routers have the same IP address. For example, consider a scenario where there are two APs (A and B) behind two routers (1 and 2). AP 'A' is behind router '1', and AP 'B' is behind router '2'. Both APs have the same IP address (192.168.13.8). In such a scenario, the controller fails to establish an Auto IPSec VPN tunnel to either AP, because it is unable to uniquely identify them. After enabling unique ID assignment, enable IKE unique ID check. For more information, see crypto. |
nx9500-6C8809(config-profile-default-AP8533-crypto-auto-ipsec-secure)#remotegw ike-version ikev2 uniqueid
nx9500-6C8809(config-profile-default-AP8533-crypto-auto-ipsec-secure)#show context
crypto auto-ipsec-secure
 remotegw ike-version ikev2 uniqueid
nx9500-6C8809(config-profile-default-AP8533-crypto-auto-ipsec-secure)#
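The following audit script is an added example, not part of the original documentation or the vendor's tooling. It scans exported configuration text for the remotegw ike-version line documented above and reports profiles that do not use ikev2 or that omit uniqueid. The "profile <type> <name>" header layout, the profile names and the sample configuration are assumptions constructed for illustration.

```python
import re

# Syntax from this page: remotegw ike-version [ikev1-aggr|ikev1-main|ikev2] {uniqueid}
REMOTEGW = re.compile(
    r"^\s*remotegw\s+ike-version\s+(ikev1-aggr|ikev1-main|ikev2)(\s+uniqueid)?\s*$")
# Assumed profile header layout: "profile <device-type> <profile-name>"
PROFILE = re.compile(r"^profile\s+(\S+)\s+(\S+)\s*$")

# Constructed sample, not captured from a device; profile names are hypothetical.
SAMPLE_CONFIG = """\
profile ap8533 branch-a
 crypto auto-ipsec-secure
  remotegw ike-version ikev2 uniqueid
profile ap8533 branch-b
 crypto auto-ipsec-secure
  remotegw ike-version ikev1-aggr
profile ap8533 branch-c
 crypto auto-ipsec-secure
  remotegw ike-version ikev2
"""

def audit(config_text):
    """Return (profile, finding) pairs for remotegw lines in auto IPSec blocks."""
    findings, profile, block_indent = [], "<no profile>", None
    for line in config_text.splitlines():
        if not line.strip():
            continue
        indent = len(line) - len(line.lstrip())
        header = PROFILE.match(line)
        if header:
            profile, block_indent = header.group(2), None
        elif line.strip() == "crypto auto-ipsec-secure":
            block_indent = indent              # entering the auto IPSec context
        elif block_indent is not None and indent <= block_indent:
            block_indent = None                # a shallower line closes the context
        elif block_indent is not None:
            m = REMOTEGW.match(line)
            if not m:
                continue
            if m.group(1) != "ikev2":
                findings.append((profile, f"ike-version is {m.group(1)}, not ikev2"))
            if not m.group(2):
                findings.append((profile, "uniqueid not set"))
    return findings

if __name__ == "__main__":
    for name, finding in audit(SAMPLE_CONFIG):
        print(f"{name}: {finding}")
```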