Remote Networking

Aruba Employee

Changing IKE and IPSEC parameters

I'm trying to figure out which IKE policy and ipsec transform-set and crypto-maps are used for cert-based RAPs. The two IKE policies configured on a controller by default are configured for pre-share key, so it can't be either of those, but there isn't one even configured for rsa sigs. So what IKE policy is it using?

Also, I want to enable PFS (w/ DH group 2) in whatever crypto-map is used for IPSEC. There's one map, default-dynamicmap, but if I configure "set pfs group2" in there, and issue a "show crypto ipsec sa" the output shows, "PFS: No".
Aruba Employee

Re: Changing IKE and IPSEC parameters

I guess I'll open a case...
Search Airheads
Showing results for 
Search instead for 
Did you mean: