crypto ipsec ike {clear sa [peer {any | <ipv4v6-address>} local <ip-address>] | restart}
Manages the IKE (ISAKMP) process or database state.
Syntax Description | clear | Clears IKE (ISAKMP) peering state |
sa | Clears IKE generated ISAKMP and IPSec security associations (remote peers are affected) | |
peer | Clears security associations for the specified IKE peer (remote peers are affected).
| |
local | Clears security associations for the specified/all IKE peering (remote peer is affected) | |
restart | Restarts the IKE (ISAKMP) daemon (clears all IKE state, peers may be affected) | |
Default | N/A | |
Configuration Mode | config | |
History | 1.1.0 | |
Example |
| |
Related Commands | ||
Notes |
crypto ipsec peer <ipv4v6-address> local <ipv4v6-address> {enable | keying {ike [auth {hmac-md5 | hmac-sha1 | hmac-sha256 | null} | dh-group | disable | encrypt | exchange-mode | lifetime | local-identity | mode | peer-identity | pfs-group | preshared-key | prompt-preshared-key | transform-set] | manual [auth | disable | encrypt | local-spi | mode | remote-spi]}}
Configures IPSec in the system.
Syntax Description | enable | Enables IPSec peering |
ike | Configures IPSec peering using IKE ISAKMP to manage SA keys.
| |
keying | Configures key management for this IPSec peering:
| |
manual | Configures IPSec peering using manual keys | |
Default | N/A | |
Configuration Mode | config | |
History | 1.1.0 | |
Example |
| |
Related Commands | ||
Notes |
crypto certificate ca-list [default-ca-list {name {<CA list name> | system-self-signed}}]
no crypto certificate ca-list [default-ca-list {name {<cert-name> | system-self-signed}}]
Adds the specified CA certificate to the default CA certificate list. The no form of the command removes the certificate from the default CA certificate list.
Syntax Description | cert-name | Name of the certificate |
Default | N/A | |
Configuration Mode | config | |
History | 1.1.0 | |
Example |
| |
Related Commands | ||
Notes |
crypto certificate default-cert [{name {<cert-name> | system-self-signed}}]
no crypto certificate default-cert [{name {<cert-name> | system-self-signed}}]
Designates the named certificate as the global default certificate role for authentication of this system to clients. The no form of the command reverts the default-cert name to “system-self-signed” (the “cert-name” value is optional and ignored).
Syntax Description | cert-name | Name of the certificate |
Default | N/A | |
Configuration Mode | config | |
History | 1.1.0 | |
Example |
| |
Related Commands | ||
Notes |
crypto certificate generation {default {country-code | days-valid | email-addr | key-size-bits | locality | org-unit | organization | state-or-prov}}
Configures default values for certificate generation.
Syntax Description | country-code | Configures the default certificate value for country code with a two-alphanumeric-character code or – for none |
days-valid | Configures the default certificate valid days. Default: 365 days. | |
email-addr | Configures the default certificate value for email address | |
key-size-bits | Configures the default certificate value for private key size. (Private key length in bits – at least 1024, but 2048 is strongly recommended.) | |
locality | Configures the default certificate value for locality | |
org-unit | Configures the default certificate value for organizational unit | |
organization | Configures the default certificate value for the organization name | |
state-or-prov | Configures the default certificate value for state or province | |
Default | N/A | |
Configuration Mode | config | |
History | 1.1.0 | |
Example |
| |
Related Commands | ||
Notes |
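An added example (not part of the original reference or the vendor's tooling): a small Python check that scans a saved configuration for the weak choices these commands permit, namely `auth hmac-md5` or `auth null` on an IKE peer, manual keying, and a default `key-size-bits` below the recommended 2048. It assumes saved configuration lines mirror the command syntax above; the addresses and the `local-spi` value in the sample are constructed.

```python
import re

# Constructed sample configuration (not taken from a real device).
# Assumption: saved config lines mirror the command syntax in this reference.
# The value after "local-spi" is a placeholder; the page lists only the keyword.
SAMPLE_CONFIG = """\
crypto ipsec peer 192.0.2.10 local 192.0.2.1 enable
crypto ipsec peer 192.0.2.10 local 192.0.2.1 keying ike auth hmac-md5
crypto ipsec peer 192.0.2.20 local 192.0.2.1 keying ike auth hmac-sha256
crypto ipsec peer 192.0.2.30 local 192.0.2.1 keying ike auth null
crypto ipsec peer 192.0.2.40 local 192.0.2.1 keying manual local-spi 4096
crypto certificate generation default key-size-bits 1024
crypto certificate generation default days-valid 365
"""

PEER_RE = re.compile(
    r"^crypto ipsec peer (?P<peer>\S+) local \S+ keying (?P<keying>ike|manual)"
    r"(?: auth (?P<auth>\S+))?")
KEYSIZE_RE = re.compile(
    r"^crypto certificate generation default key-size-bits (?P<bits>\d+)$")
WEAK_AUTH = {"null": "no integrity protection",
             "hmac-md5": "MD5-based integrity, prefer hmac-sha256"}
MIN_KEY_BITS = 2048  # the reference accepts 1024 but strongly recommends 2048


def audit(config_text):
    """Return (line_no, finding) tuples for weak crypto settings."""
    findings = []
    for line_no, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()
        m = PEER_RE.match(line)
        if m:
            if m["keying"] == "manual":
                findings.append(
                    (line_no, f"peer {m['peer']}: manual keying, static keys with no IKE rekeying"))
            if m["auth"] in WEAK_AUTH:
                findings.append(
                    (line_no, f"peer {m['peer']}: auth {m['auth']} ({WEAK_AUTH[m['auth']]})"))
            continue
        m = KEYSIZE_RE.match(line)
        if m and int(m["bits"]) < MIN_KEY_BITS:
            findings.append(
                (line_no, f"default key size {m['bits']} bits is below {MIN_KEY_BITS}"))
    return findings


if __name__ == "__main__":
    for line_no, finding in audit(SAMPLE_CONFIG):
        print(f"line {line_no}: {finding}")
```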
crypto certificate name {<name> | system-self-signed} {comment <new comment> | generate self-signed [comment <cert-comment> | common-name <domain> | country-code <code> | days-valid <days> | email-addr <address> | key-size-bits <bits> | locality <name> | org-unit <name> | organization <name> | serial-num <number> | state-or-prov <name>] | private-key pem <PEM string> | prompt-private-key | public-cert [comment <comment string> | pem <PEM string>] | regenerate days-valid <days> | rename <new name>}
no crypto certificate name <cert-name>
Configures default values for certificate generation. The no form of the command clears/deletes certain certificate settings.
Syntax Description | cert-name | Unique name by which the certificate is identified |
comment | Specifies a certificate comment | |
generate self-signed | Generates certificates. This option has the following parameters which may be entered sequentially in any order:
| |
private-key pem | Specifies certificate contents in PEM format | |
prompt-private-key | Prompts for certificate private key with secure echo | |
public-cert | Installs a certificate | |
regenerate | Regenerates the named certificate using configured certificate generation default values for the specified validity period | |
rename | Renames the certificate | |
Default | N/A | |
Configuration Mode | config | |
History | 1.1.0 | |
Example |
| |
Related Commands | ||
Notes |
crypto certificate system-self-signed regenerate [days-valid <days>]
Configures default values for certificate generation.
Syntax Description | days-valid | Specifies the number of days the certificate is valid |
Default | N/A | |
Configuration Mode | config | |
History | 1.1.0 | |
Example |
| |
Related Commands | ||
Notes |
show crypto certificate [detail | public-pem | default-cert [detail | public-pem] | name <cert-name> [detail | public-pem] | ca-list [default-ca-list]]
Displays information about all certificates in the certificate database.
Syntax Description | ca-list | Specifies the number of days the certificate is valid |
default-ca-list | Displays information about the currently configured default certificates of the CA list | |
default-cert | Displays information about the currently configured default certificate | |
detail | Displays all attributes related to the certificate | |
name | Displays information about the certificate specified | |
public-pem | Displays the uninterpreted public certificate as a PEM formatted data string | |
Default | N/A | |
Configuration Mode | Any configuration mode | |
History | 1.1.0 | |
Example |
| |
Related Commands | ||
Notes |
show crypto ipsec [brief | configured | ike | policy | sa]
Displays information about the IPSec configuration.
Syntax Description | N/A | |
Default | N/A | |
Configuration Mode | Any configuration mode | |
History | 1.1.0 | |
Example |
| |
Related Commands | ||
Notes |