husycisco Mon, 12/17/2007 - 02:42

Hi Aksher

Sequence is not a concern actually. This is about having more than 1 peers that have different transform sets. Which means you may have one peer with ESP-3DES-MD5 other is ESP-3DES-HMAC and another with ESP-DES-MD5 and so on. The tunnel you desire will use the transform set you set with with following command, (it wont seek all availale transform sets in a sequential order)

crypto map outside_map xxx set transform-set yyyyyy

But isakmp policies can not be set tunnel specific as above. In this case, all available isakmp policies will be seeked and matched one will be chosen. But again, sequence is not a matter since seek process checks every existing isakmp policy


husycisco Mon, 12/17/2007 - 05:53


