12-19-2003 10:04 AM - edited 02-21-2020 12:58 PM
I'm looking to change:
from: 'crypto map mymap 10 ipsec-isakmp'
to: 'crypto map mymap 10 ipsec-isakmp dynamic dynmap'
Currently I have several VPNs going into the device. I've made the change off-hours and found that my current VPN tunnels will not reinitiate themselves even after issuing 'clear crypto ipsec sa' and 'clear crypto isakmp sa'. Am I missing a step?
12-24-2003 09:33 AM
The tunnel should get reinitiated as soon as interesting traffic needs to be sent across. If that is not happening, then you are probably running into a configuration error. A dynamic crypto map must specify a transform set at the least. Here is an example of one I configured on my PIX:
crypto ipsec transform-set trmset1 esp-aes-256 esp-sha-hmac
crypto dynamic-map map2 10 set transform-set trmset1
crypto map map1 10 ipsec-isakmp dynamic map2
12-26-2003 09:43 AM
The "pix 1" in this example is configured for both a tunnel to another pix, and for end user access. Pix 1 should be an ideal template for what you are trying to achieve.