Showing results for 
Search instead for 
Did you mean: 

The difference between "ipsec-isakmp dynamic" and "ipsec-isakmp profile" cyrpto map configs

Level 1
Level 1


The IOS documentation for the crypto map command gives the syntax as

crypto map [ipv6] map-name seq-num [ ipsec-isakmp [ dynamic dynamic-map-name | discover | profile profile-name ] ]


I have a 881w ISR. In what different situations do we use the ipsec-isakmp dynamic form as opposed to the ipsec-isakmp profile form?

I understand that ipsec-isakmp profile is applied directly to the vpdn-group. Does this substitute for applying the crypto map directing to the WAN interface? Why would I want to do that?


1 Reply 1

Level 3
Level 3

Hello, .

The main difference between dynamic and profile in conditions to establish VPN connection. You can look at the difference if you compare EzVPN (dynamic profiles) technology with Lan-2-Lan (manual profile) technology.

And why you should put crypto map to the interface. After puting this command to interface Cisco is starting to check traffic for encryption rules. In fact it can be any interface (not only WAN) when you want use encrypted VPN channel.

Best Regards.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: