Crypto Map Question on ASA 5540

[pblumer]

I have a dynamic crypto map 500. I am about to use up all the other crypto map underneath that for other static VPN customers. Will it create a problem if i go over that dynamic crypto map with my static maps? If so can i just move my dynamic map up to lets say 999 or 1000?

 

[HungryHouse]

According to Cisco's guidelines
"You should make crypto map entries referencing dynamic maps the lowest priority map entries, so that negotiations for security associations will try to match the static crypto map entries first. Only after the negotiation request does not match any of the static map entries do you want it to be evaluated against the dynamic map.

To make a dynamic crypto map the lowest priority map entry, give the map entry referencing the dynamic crypto map the highest seq-num of all the map entries in a crypto map set. "

I hope that helps!
-HH

Real trouble call:
Customer: "I have a huge problem. A friend has put a screensaver on my computer, but every time I move the mouse, it disappears!"