I setup a crypto keyring to deal with SOHO networks with changing ISP assigned addresses. But in doing so I found that my "regular" 1:1 peering setups started failing once their tunnels tried to rekey. So I setup a profile separate key ring for the 1:1 peer (which needs to have a different key from the SOHOs).
Anyhow - I have succeeded in breaking my 1:1 crypto maps. :-( Anyone know the mojo for having dynamic and 1:1 cryptomaps on one hub router?
crypto keyring spoke
pre-shared-key address 0.0.0.0 0.0.0.0 key yabadabadoo
crypto isakmp profile DynamicL2L
description dynamic LAN-to-LAN to spoke router
match identity address 0.0.0.0
crypto isakmp profile troublesome
match identity address 10.5.4.1 255.255.255.255
crypto map MYMAP 10 ipsec-isakmp
set peer 10.5.4.1
set transform-set transformer
set isakmp-profile troublesome
match address 166