06-18-2018 06:31 AM - edited 03-05-2019 10:36 AM
I was wondering how a dynamic crypto map works? in a normal crypto map you define the interesting traffic you want to allow over the VPN, and do the same in reverse on the other side.
How does a dynamic crypto map work out what the interesting traffic is?
Thanks in advance.
Solved! Go to Solution.
06-18-2018 01:51 PM
Yes in a normal crypto map each peer specifically identifies the remote peer and each peer specifies what is interesting traffic (and both definitions need to match). In the normal crypto map we will begin authentication processing only for requests that come from the configured peer address. We typically use a dynamic map when one peer is not able to specifically identify the other peer (most often because the other peer has a dynamic IP address). With the dynamic crypto map we will begin authentication processing for any request that we receive. And if authentication is successful then the remote peer sends their definition of interesting traffic and we adopt that definition of interesting traffic.
HTH
Rick
06-18-2018 01:51 PM
Yes in a normal crypto map each peer specifically identifies the remote peer and each peer specifies what is interesting traffic (and both definitions need to match). In the normal crypto map we will begin authentication processing only for requests that come from the configured peer address. We typically use a dynamic map when one peer is not able to specifically identify the other peer (most often because the other peer has a dynamic IP address). With the dynamic crypto map we will begin authentication processing for any request that we receive. And if authentication is successful then the remote peer sends their definition of interesting traffic and we adopt that definition of interesting traffic.
HTH
Rick
06-19-2018 02:05 AM
Thanks for the explanation Richard, this has helped me getting a better understanding of how they work.
06-19-2018 08:12 AM
I am glad that my explanation was helpful and that you now have a better understanding. Thank you for marking this question as solved. This will help other readers in the forum to identify discussions which have helpful information. These forums are excellent places to ask questions and to learn about networking. I hope to see you continue to be active in the forum.
HTH
Rick
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide