Re: basic q:2-crypto maps on the same interface-dynamic

ozgurg · ‎04-21-2003

hello,

at the moment, i have a crypto-map configured on my outside interface,

where my vpns are defined with each sequence number...

crypto map x ...

crypto map x interface outside

now i want to configure pix for vpn_client

so i create a dynamic-map

crpyo dynamic-map y

and apply it with crypto map interface outside

will this one work ...

as far as i know you can apply only one crypto-map per interface...

Best Regards

mklaphek · ‎04-21-2003

You apply the dynamic map to the crypto map with a command like:

crypto map map-name 100 ipsec-isakmp dynamic dynamic-map

You can only apply one crypto map to an interface.

ozgurg · ‎04-21-2003

what i want to ask is, shortly

can i assign a crypto map (i.e. for site to site vpn) and a dynamic crypto map on the same interface?

TIA

pdentico · ‎04-21-2003

yes you can apply both the site-to-site VPN and a remote VPN map to an interface. They have to have the same crypto map id.

For example:

crypto dynamic-map remote 20 set transform-set vpn3-set

crypto map vpn-map 20 ipsec-isakmp

crypto map vpn-map 20 match address 101

crypto map vpn-map 20 set peer xx.xx.xx.xx

crypto map vpn-map 20 set transform-set vpn3-set

crypto map vpn-map 100 ipsec-isakmp dynamic remote

crypto map vpn-map interface outside

Enjoy

ozgurg · ‎04-21-2003

in your example,

how is the dynamic map applied to the interface,

with

crypto map vpn-map interface outside...

where as your dynamic map name is remote??

pdentico · ‎04-22-2003

yes exactly!! Sorry about leaving that out.