husycisco Mon, 12/17/2007 - 02:42

Hi Aksher

Sequence is not a concern actually. This is about having more than 1 peers that have different transform sets. Which means you may have one peer with ESP-3DES-MD5 other is ESP-3DES-HMAC and another with ESP-DES-MD5 and so on. The tunnel you desire will use the transform set you set with with following command, (it wont seek all availale transform sets in a sequential order)

crypto map outside_map xxx set transform-set yyyyyy

But isakmp policies can not be set tunnel specific as above. In this case, all available isakmp policies will be seeked and matched one will be chosen. But again, sequence is not a matter since seek process checks every existing isakmp policy


husycisco Mon, 12/17/2007 - 05:53


It looks like you have asked many questions but havent rated posts yet. Please click on "How NetPro Ratings work" at left below the "Meet the Netpros" box and read "Why should I rate"

Rating does not cost any fee



This Discussion