crypto map Arguments and Options (Continued)

| Argument/Option | Description |
| --- | --- |
| group 1 | Indicates that the Diffie-Hellman group 1 (768-bit) modulus should be used when the key exchange for the esp-des and esp-3des transforms is performed. |
| group 2 | Indicates that the Diffie-Hellman group 2 (1024-bit) modulus should be used when the key exchange for the esp-des and esp-3des transforms is performed. |
| group 5 | Indicates that the Diffie-Hellman group 5 (1536-bit) modulus should be used. This group should always be used with aes, aes-192, and aes-256 due to the large key sizes used by AES. |
| set transform-set | Specifies the transform to be used for the crypto map entry. You can list up to six transform sets by priority. The Security Appliance automatically selects the most secure transform that is listed on both peers. |
| transform-set-name | Specifies the transform set by name. |
| set security-association lifetime | A second location for configuring the SA lifetime. This setting will override the global SA lifetime for a specific crypto map. |
| seconds seconds | The SA lifetime in seconds. |
| kilobytes kilobytes | The SA lifetime in kilobytes. |
| dynamic | Specifies that the crypto map entry must reference a preexisting dynamic crypto map. |
| dynamic-map-name | Specifies the dynamic crypto map. |
| aaa-server-name | Specifies the AAA server that authenticates the user during IKE authentication. The Security Appliance supports Terminal Access Controller Access Control System (TACACS+) and Remote Authentication Dial-In User Service (RADIUS) for this function. |
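The two rules in the table that can be checked mechanically are the six-transform-set limit and the pairing of AES transforms with group 5. The following audit script is an added example, not part of the original text or of any Cisco tool. It assumes the group is configured on `crypto map ... set pfs` lines and that transforms carry the `esp-` prefix; the sample configuration and all names in it are constructed.

```python
import re
from collections import defaultdict

# Constructed sample configuration; map and transform-set names are hypothetical.
SAMPLE_CONFIG = """\
crypto ipsec transform-set TS-3DES esp-3des esp-sha-hmac
crypto ipsec transform-set TS-AES256 esp-aes-256 esp-sha-hmac
crypto map VPNMAP 10 set transform-set TS-AES256 TS-3DES
crypto map VPNMAP 10 set pfs group2
crypto map VPNMAP 20 set transform-set TS-AES256
crypto map VPNMAP 20 set pfs group5
crypto map VPNMAP 30 set transform-set TS-3DES
crypto map VPNMAP 30 set pfs group2
"""

AES_TRANSFORMS = {"esp-aes", "esp-aes-192", "esp-aes-256"}
MAX_TRANSFORM_SETS = 6  # the table's limit per crypto map entry


def audit(config):
    """Return sorted (map, seq, issue) tuples for entries that break the table's rules."""
    transforms = {}  # transform-set name -> set of transforms it contains
    entries = defaultdict(lambda: {"sets": [], "group": None})
    for line in config.splitlines():
        tok = line.split()
        if tok[:3] == ["crypto", "ipsec", "transform-set"] and len(tok) > 4:
            transforms[tok[3]] = set(tok[4:])
        elif (tok[:2] == ["crypto", "map"] and len(tok) > 6
              and tok[3].isdigit() and tok[4] == "set"):
            entry = entries[(tok[2], int(tok[3]))]
            if tok[5] == "transform-set":
                entry["sets"] = tok[6:]
            elif tok[5] == "pfs":
                # Accept both "group5" and the table's spelling "group 5".
                m = re.fullmatch(r"group\s*(\d+)", " ".join(tok[6:]))
                entry["group"] = int(m.group(1)) if m else None
    findings = []
    for (name, seq), entry in entries.items():
        if len(entry["sets"]) > MAX_TRANSFORM_SETS:
            findings.append((name, seq, "too-many-transform-sets"))
        uses_aes = any(transforms.get(s, set()) & AES_TRANSFORMS for s in entry["sets"])
        if uses_aes and entry["group"] is not None and entry["group"] != 5:
            findings.append((name, seq, "aes-without-group5"))
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

Entries with no explicit group on the `set pfs` line, or no `set pfs` line at all, are not flagged by the AES rule.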