Flush a specific ISAKMP SA or all the ISAKMP SAs

Clear all or specific IPSec SAs

Clear the crypto SA counters

Re-enable NAT Traversal if it was disabled

Enter the IKE phase 2 (IPSec) transform-set context and create or edit IPSec parameters for the VPN tunnel

Set security-association lifetime

Specify whether each IKE phase 2 negotiation will employ PFS and, if yes, which Diffie-Hellman group to employ

Set the IKE phase 2 (IPSec) SA lifetime

Enable invalid SPI recovery (default setting)

Re-enable NAT Traversal keepalive if it was disabled, and configure the keepalive interval. This command keeps the NAT devices tables updated.

Enter the crypto ISAKMP peer context and create or edit an ISAKMP peer

Enable continuous-channel IKE, which keeps the IKE phase1 session always up and running, even if there is no traffic

Enter a description for the ISAKMP peer

Specify which IKE Phase-1 mode to use when communicating with the peer: aggressive or none

Set the ISAKMP policy for the ISAKMP peer

Enable DPD keepalives that check whether the remote peer is up

Bind an object tracker to a remote VPN peer or to an interface, to check whether the remote peer or the interface is up

Configure the IKE pre-shared key

Set the identity of this device

Generate a random string which you can use as a pre-shared key for IKE. You must use the same key on both peers.

Enter the crypto ISAKMP peer-group context and create or edit an ISAKMP peer group

Enter a description for the ISAKMP peer group

Add a peer to the peer-group

Enter the crypto ISAKMP policy context and create or edit IKE Phase 1 parameters

Set the authentication of ISAKMP policy to pre-shared secret

Enter a description for the ISAKMP policy

Set the encryption algorithm for an ISAKMP policy

Set the Diffie-Hellman group for an ISAKMP policy

Set the hash method for an ISAKMP policy

Set the lifetime of the ISAKMP SA in seconds

Generate a random string which you can use as a pre-shared key for IKE. You must use the same key on both peers.

Enter crypto map context and create or edit a crypto map

In a crypto ISAKMP peer context, enable continuous-channel IKE, which keeps the IKE phase1 session always up and running, even if there is no traffic

Enter a description for the crypto map

Set the DSCP value in the tunneled packet

Attach a peer to a crypto map

Attach a peer-group to a crypto map

Configure the transform-set

interface (fastethernet| dialer|vlan)

Enter the FastEthernet, Dialer, or VLAN interface context

Set the Don’t-Fragment bit to clear mode or copy mode

Set the minimal PMTU value that can be applied to an SA when the Branch Gateway participates in PMTUD for the tunnel pertaining to that SA

Activate a crypto list in the context of the interface on which the crypto list is activated

Enter crypto list context and create or edit a crypto list

Enter ip-rule context and create or modify a specific rule

Enter a description for the ip-rule in the ip crypto list

Specify the destination IP address of packets to which the current rule applies

Protect traffic that matches this rule by applying the IPSec processing configured by the specific crypto map

Indicate that the current rule applies to packets from the specified source IP address

Set the local IP address for the IPSec tunnels derived from this crypto list

Display the IPSec SA database and related runtime, statistical, and configuration information

Display the configuration for the specified transform-set or all transform-sets

Display crypto ISAKMP peer configuration

Display crypto ISAKMP peer-group configuration

Display ISAKMP policy configuration

Display the ISAKMP SA database status

Display all or specific crypto map configurations

Display information about a specific policy list or all lists

Display all or specific crypto list configurations