VPN PIX 515E: Which ISAKMP policy is applied?

crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac

crypto map mapName 19 match address NAME_40_cryptomap
crypto map mapName 19 set peer IPADDR
crypto map mapName 19 set transform-set ESP-AES-128-SHA

crypto map mapName 20 match address NAME_20_cryptomap
crypto map mapName 20 set peer IPADDR
crypto map mapName 20 set transform-set ESP-3DES-SHA
crypto map mapName interface IFNAME
crypto isakmp identity address
crypto isakmp enable IFNAME
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash md5
 group 2
 lifetime 86400
crypto isakmp policy 30
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto isakmp policy 50
 authentication pre-share
 encryption aes
 hash sha
 group 2
 lifetime 28800

I need to be sure that when traffic matches access-list "NAME_40_cryptomap", ISAKMP policy 50 is used.

And when traffic matches "NAME_20_cryptomap", ISAKMP policy 10 is used.

How do I link the crypto map with the specific ISAKMP policy?

Regards, Steffen.

Jennifer Halim
Cisco Employee

You can't link isakmp policy with the crypto map.

For isakmp, during negotiation, it will go down the list from policy 10 to 30 to 50 until a match is found with the remote peer. Once a match is found, it will use that particular policy.
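
The negotiation order described in the reply above, as an added example that is not part of the original thread: a small Python model that parses the posted `crypto isakmp policy` blocks and walks them in priority order against a peer's proposals. The peer proposals are constructed, the function names are hypothetical, and lifetime is left out of the comparison as a simplification.

```python
import re

# ISAKMP section of the posted configuration, copied from the question.
CONFIG = """\
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash md5
 group 2
 lifetime 86400
crypto isakmp policy 30
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto isakmp policy 50
 authentication pre-share
 encryption aes
 hash sha
 group 2
 lifetime 28800
"""

MATCH_KEYS = ("authentication", "encryption", "hash", "group")  # lifetime ignored (simplification)

def parse_policies(text):
    """Return {priority: {attribute: value}} from 'crypto isakmp policy' blocks."""
    policies, current = {}, None
    for line in text.splitlines():
        header = re.match(r"\s*crypto isakmp policy (\d+)\s*$", line)
        if header:
            current = policies.setdefault(int(header.group(1)), {})
        elif current is not None and len(line.split()) == 2:
            key, value = line.split()
            current[key] = value
    return policies

def select_policy(policies, peer_proposals):
    """Walk local policies in priority order; return the first one a peer proposal matches."""
    for priority in sorted(policies):
        local = policies[priority]
        for proposal in peer_proposals:
            if all(local.get(k) == proposal.get(k) for k in MATCH_KEYS):
                return priority
    return None  # no common policy: phase 1 fails

# Constructed peer proposals (hypothetical remote ends of the two tunnels).
AES_SHA = {"authentication": "pre-share", "encryption": "aes", "hash": "sha", "group": "2"}
TDES_MD5 = {"authentication": "pre-share", "encryption": "3des", "hash": "md5", "group": "2"}
```

In this model a peer offering only AES/SHA lands on policy 50, while a peer offering both AES/SHA and 3DES/MD5 lands on policy 10, because the local priority order decides. The crypto map plays no part in the choice; it is set by what each peer proposes and by the policy numbers.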