crypto map sequence numbers

Phil Williamson
Level 1

I have both dynamic and static crypto maps in an IOS router crypto config. Should the dynamic maps have a higher (lower sequence #) preference than the static maps or vice versa?

    !
    crypto dynamic-map RAS 1
     set transform-set STRONG
    !
    crypto map ToClients 2 ipsec-isakmp dynamic RAS
    crypto map ToClients 5 ipsec-isakmp
    !
    crypto map ToClients 10 ipsec-isakmp
    !
    crypto map ToClients 15 ipsec-isakmp
    !
    crypto map ToClients 20 ipsec-isakmp
    !

or like this:

    !
    crypto dynamic-map RAS 1
     set transform-set STRONG
    !
    crypto map ToClients 5 ipsec-isakmp
    !
    crypto map ToClients 10 ipsec-isakmp
    !
    crypto map ToClients 15 ipsec-isakmp
    !
    crypto map ToClients 20 ipsec-isakmp
    !
    crypto map ToClients 65535 ipsec-isakmp dynamic RAS

Could you also say why one is preferred over the other?

1 Reply

mostiguy
Level 6

Dynamic maps should have the highest number so that they have the lowest priority, so that routers don't negotiate with them and possibly obtain inappropriate settings intended for wildcard, dynamically addressed VPN end users.
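
The ordering advice in the reply above can be checked mechanically. The following Python sketch is an added example, not part of the original thread or any Cisco tooling: it parses the `crypto map` entry lines from the two layouts in the question and reports any dynamic entry that carries a lower sequence number than a static entry in the same map. The function names are hypothetical, and the regex assumes only the `ipsec-isakmp` line format shown in the post.

```python
import re
from collections import defaultdict

# Entry lines as shown in the post, e.g.
#   crypto map ToClients 2 ipsec-isakmp dynamic RAS
ENTRY = re.compile(
    r"^\s*crypto map (?P<name>\S+) (?P<seq>\d+) ipsec-isakmp"
    r"(?: dynamic (?P<template>\S+))?\s*$"
)

def parse_crypto_maps(config):
    """Return {map_name: [(seq, dynamic_template_or_None), ...]} ordered by seq."""
    maps = defaultdict(list)
    for line in config.splitlines():
        m = ENTRY.match(line)
        if m:
            maps[m["name"]].append((int(m["seq"]), m["template"]))
    return {n: sorted(e, key=lambda x: x[0]) for n, e in maps.items()}

def misordered_dynamic_entries(config):
    """Dynamic entries that are evaluated before a static entry of the same map.

    Returns a list of (map_name, dynamic_seq, template, static_seqs_after_it).
    """
    findings = []
    for name, entries in parse_crypto_maps(config).items():
        static_seqs = [seq for seq, tmpl in entries if tmpl is None]
        for seq, tmpl in entries:
            later = [s for s in static_seqs if s > seq]
            if tmpl is not None and later:
                findings.append((name, seq, tmpl, later))
    return findings

# The two layouts from the question, reduced to their crypto map entry lines.
LAYOUT_DYNAMIC_FIRST = """\
crypto map ToClients 2 ipsec-isakmp dynamic RAS
crypto map ToClients 5 ipsec-isakmp
crypto map ToClients 10 ipsec-isakmp
crypto map ToClients 15 ipsec-isakmp
crypto map ToClients 20 ipsec-isakmp
"""
LAYOUT_DYNAMIC_LAST = LAYOUT_DYNAMIC_FIRST.replace(
    "crypto map ToClients 2 ipsec-isakmp dynamic RAS\n", ""
) + "crypto map ToClients 65535 ipsec-isakmp dynamic RAS\n"

if __name__ == "__main__":
    for label, cfg in (("dynamic first", LAYOUT_DYNAMIC_FIRST),
                       ("dynamic last", LAYOUT_DYNAMIC_LAST)):
        print(label, "->", misordered_dynamic_entries(cfg) or "ok")
```

Run against a saved running-config, an empty result means every dynamic entry sits after all static peers in its map, which is the layout the reply recommends.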