crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmaccrypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto map mapName 19 match address NAME_40_cryptomapcrypto map mapName set peer IPADDRcrypto map mapName 19 set transform-set ESP-AES-128-SHA
crypto map mapName 20 match address NAME_20_cryptomapcrypto map mapName 20 set peer IPADDRcrypto map mapName 20 set transform-set ESP-3DES-SHAcrypto map mapName interface IFNAMEcrypto isakmp identity addresscrypto isakmp enable IFNAMEcrypto isakmp policy 10authentication pre-shareencryption 3deshash md5group 2lifetime 86400crypto isakmp policy 30authentication pre-shareencryption 3deshash shagroup 2lifetime 86400crypto isakmp policy 50authentication pre-shareencryption aeshash shagroup 2lifetime 28800
I need to be sure that when traffic matches access-list "NAME_40_cryptomap" Isakmp policy 50 are used.
And then traffic matches "NAME_20_cryptomap" isakmp policy 10 are used.
How do i link the crypto map with the specefic isakmp policy?
You can't link isakmp policy with the crypto map.
For isakmp, during negotiation, it will go down the list from policy 10 to 30 to 50 until a match is found with the remote peer. Once a match is found, it will use that particular policy.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: