Reference Guide
333 | crypto-local ipsec-map Dell Networking W-Series ArubaOS 6.4.x| User Guide
(host) (config) #crypto-local ipsec-map chi-sf-vpn 100
src-net 100.1.1.0 255.255.255.0
dst-net 101.1.1.0 255.255.255.0
peer-ip 172.16.100.254
vlan 1
trusted
For a dynamically addressed controller that initiates IKE Aggressive-mode for Site-Site VPN:
(host) (config)crypto-local ipsec-map <name> <priority>
src-net <ipaddr> <mask>
dst-net <ipaddr> <mask>
peer-ip <ipaddr>
local-fqdn <local_id_fqdn>
vlan <id>
pre-connect enable|disable
trusted enable
For the Pre-shared-key:
crypto-local isakmp key <key> address <ipaddr> netmask <mask>
For a static IP controller that responds to IKE Aggressive-mode for Site-Site VPN:
(host) (config)crypto-local ipsec-map <name2> <priority>
src-net <ipaddr> <mask>
dst-net <ipaddr> <mask>
peer-ip 0.0.0.0
peer-fqdn fqdn-id <peer_id_fqdn>
vlan <id>
trusted enable
For the Pre-shared-key:
crypto-local isakmp key <key> fqdn <fqdn-id>
For a static IP controller that responds to IKE Aggressive-mode for Site-Site VPN with One PSK for All FQDNs:
(host) (config)crypto-local ipsec-map <name2> <priority>
src-net <ipaddr> <mask>
peer-ip 0.0.0.0
peer-fqdn any-fqdn
vlan <id>
trusted enable
For the Pre-shared-key for All FQDNs:
crypto-local isakmp key <key> fqdn-any
Command History
Release Modification
ArubaOS 3.0 Command introduced.
ArubaOS 6.1 The peer-cert-dn and peer-fqdn parameters were introduced.
The set pfs command introduced the group19 and group20 parameters.
ArubaOS 6.3 The set security-association lifetime kilobytesand Diffie-Hellman set pfs
group 14 parameters were added.