crypto-map-ipsec-isakmp-instance

crypto-map-config-commands

To navigate to the remote VPN client configuration instance, use the following command:

In the device-config mode:
<DEVICE>(config-device-<DEVICE-MAC>)#crypto map <CRYPTO-MAP-TAG> <1-1000> ipsec-isakmp {dynamic}

In the profile-config mode:
<DEVICE>(config-profile-<PROFILE-NAME>)#crypto map <CRYPTO-MAP-TAG> <1-1000> ipsec-isakmp {dynamic}

nx9500-6C8809(config-device-B4-C7-99-6C-88-09)#crypto map test2 2 ipsec-isakmp d
ynamic
nx9500-6C8809(config-device-B4-C7-99-6C-88-09-cryptomap-test2#2)#?
Dynamic Crypto Map Configuration commands:
  local-endpoint-ip     Use this IP as local tunnel endpoint address, instead
                        of the interface IP (Advanced Configuration)
  modeconfig            Set the mode config method
  no                    Negate a command or set its defaults
  peer                  Add a remote peer
  pfs                   Specify Perfect Forward Secrecy
  remote-type           Set the remote VPN client type
  security-association  Security association parameters
  transform-set         Specify IPSec transform(s) to use
  use                   Set setting to use

  clrscr                Clears the display screen
  commit                Commit all changes made in this session
  do                    Run commands from Exec mode
  end                   End current mode and change to EXEC mode
  exit                  End current mode and down to previous mode
  help                  Description of the interactive help system
  revert                Revert changes
  service               Service Commands
  show                  Show running system information
  write                 Write running configuration to memory or terminal

nx9500-6C8809(config-device-B4-C7-99-6C-88-09-cryptomap-test2#2)#

The following table lists this configuration mode commands:

Command Description
ip Enables this setting to utilize IP/Port NAT on the VPN tunnel. This command is applicable only to the site-to-site VPN tunnel.
local-endpoint-ip Uses the configured IP as local tunnel endpoint address, instead of the interface IP. This command is applicable to the site-to-site VPN tunnel and remote VPN client.
modeconfig Configures the mode config method (pull or push) associated with the remote VPN client. This command is applicable only to the remote VPN client.
peer Configures the IKEv1 or IKEv2 peer for the VPN tunnel. This command is applicable to the site-to-site VPN tunnel and remote VPN client.
pfs Configures the Perfect Forward Secrecy (PFS) for the VPN tunnel. This command is applicable to the site-to-site VPN tunnel and remote VPN client.
remote-type Configures the remote VPN client type as either None or XAuth. This command is applicable only to the remote VPN client.
security-association Defines this automatic VPN tunnel‘s IPSec SA settings. This command is applicable to the site-to-site VPN tunnel and remote VPN client.
transform-set Applies a transform set (encryption and hash algorithms) to the VPN tunnel. This command is applicable to the site-to-site VPN tunnel and remote VPN client.
use Applies an existing and configured IP access list to the VPN tunnel. This command is applicable to the site-to-site VPN tunnel and remote VPN client.
no (crypto-map-ipsec-isakmp) Removes or reverts site-to-site VPN tunnel or remote VPN client settings
9037762-01 Rev AA