ASA version 8.2
I ran the IPsec wizard on my 5510 for remote access. It would seem that by default ISAKMP is enabled on both the inside and outside interfaces. Furthermore, my default dynamic crypto map is enabled on both the inside and outside interfaces. I would like to enable RRI for pools of addresses assigned to my remote workers. Right now I have static routes - I'd ideally like RRI and redistribution. Enabling RRI fails due to the fact that the dynamic mapping exists on multiple interfaces. When I try to delete the map from the inside interface, it deletes the outside map as well. So my questions are these:
1. Should I have ISAKMP enabled on my inside interface if I'm terminating my VPN tunnels on the outside interface?
2. Is having ISAKMP enabled on the inside interface the reason why deleting the dynamic crypto map on the inside interface also deletes it from the outside interface? (this occurs in the ASDM, haven't tried it on the CLI).
I can concede that I may have to configure this manually on the CLI as opposed to wizards due to the advanced configuration to enable RRI. Any thoughts/suggestions would be appreciated.