cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1110
Views
0
Helpful
1
Replies

VPN PIX 515E Which Isakmp Policy are applied?

crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac

crypto map mapName 19 match address NAME_40_cryptomap
crypto map mapName set peer IPADDR
crypto map mapName 19 set transform-set ESP-AES-128-SHA


crypto map mapName 20 match address NAME_20_cryptomap
crypto map mapName 20 set peer IPADDR
crypto map mapName 20 set transform-set ESP-3DES-SHA
crypto map mapName interface IFNAME
crypto isakmp identity address
crypto isakmp enable IFNAME
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash md5
group 2
lifetime 86400
crypto isakmp policy 30
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto isakmp policy 50
authentication pre-share
encryption aes
hash sha
group 2
lifetime 28800

I need to be sure that when traffic matches access-list "NAME_40_cryptomap" Isakmp policy 50 are used.

And then traffic matches "NAME_20_cryptomap"  isakmp policy 10 are used.

How do i link the crypto map with the specefic isakmp policy?

Regards, Steffen.

1 REPLY 1

Jennifer Halim
Cisco Employee
Cisco Employee

You can't link isakmp policy with the crypto map.

For isakmp, during negotiation, it will go down the list from policy 10 to 30 to 50 until a match is found with the remote peer. Once a match is found, it will use that particular policy.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: