Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
440
Views
0
Helpful
1
Replies

The difference between "ipsec-isakmp dynamic" and "ipsec-isakmp profile" cyrpto map configs

thomasmcleod
Level 1
Level 1

‎02-10-2015 07:39 AM - edited ‎02-21-2020 08:04 PM

 

The IOS documentation for the crypto map command gives the syntax as

crypto map [ipv6] map-name seq-num [ ipsec-isakmp [ dynamic dynamic-map-name | discover | profile profile-name ] ]

 

I have a 881w ISR. In what different situations do we use the ipsec-isakmp dynamic form as opposed to the ipsec-isakmp profile form?

I understand that ipsec-isakmp profile is applied directly to the vpdn-group. Does this substitute for applying the crypto map directing to the WAN interface? Why would I want to do that?

 

Labels:
0 Helpful
1 Reply 1

AllertGen
Level 3
Level 3

‎02-12-2015 01:01 AM

Hello, .

The main difference between dynamic and profile in conditions to establish VPN connection. You can look at the difference if you compare EzVPN (dynamic profiles) technology with Lan-2-Lan (manual profile) technology.

And why you should put crypto map to the interface. After puting this command to interface Cisco is starting to check traffic for encryption rules. In fact it can be any interface (not only WAN) when you want use encrypted VPN channel.

Best Regards.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents