Crypto Map Question on ASA 5540

pblumer · Jan 28, 2011

I have a dynamic crypto map 500. I am about to use up all the other crypto map underneath that for other static VPN customers. Will it create a problem if i go over that dynamic crypto map with my static maps? If so can i just move my dynamic map up to lets say 999 or 1000?

HungryHouse · Feb 2, 2011

According to Cisco's guidelines
"You should make crypto map entries referencing dynamic maps the lowest priority map entries, so that negotiations for security associations will try to match the static crypto map entries first. Only after the negotiation request does not match any of the static map entries do you want it to be evaluated against the dynamic map.

To make a dynamic crypto map the lowest priority map entry, give the map entry referencing the dynamic crypto map the highest seq-num of all the map entries in a crypto map set. "

I hope that helps!
-HH

Real trouble call:
Customer: "I have a huge problem. A friend has put a screensaver on my computer, but every time I move the mouse, it disappears!"

Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Crypto Map Question on ASA 5540

pblumer

IS-IT--Management

HungryHouse

Vendor

Similar threads

Part and Inventory Search

Sponsor