What is the difference between crypto maps?

Answered Question
Mar 15th, 2010

Dear All,

I would like to ask some questions about the difference between two commands: crypto map mymap 10 ipsec-isakmp
and crypto map mymap 20 ipsec-isakmp.

1- What is different between these commands?

2- Why do we need the two commands below?

no ip route-cache
no ip mroute-cache
------------------------------------------------------------

crypto isakmp policy 10
hash md5
authentication pre-share
crypto isakmp key cisco123 address 10.1.2.1
crypto isakmp key cisco123 address 10.1.3.1
!
crypto ipsec transform-set myset esp-des esp-md5-hmac

!
crypto map mymap 10 ipsec-isakmp
set peer 10.1.2.1
set transform-set myset
match address 120
!
crypto map mymap 20 ipsec-isakmp
set peer 10.1.3.1
set transform-set myset
match address 120
!
interface Ethernet0
ip address 10.1.1.1 255.255.255.0
!
interface Ethernet1
ip address 10.1.4.1 255.255.255.0
no ip route-cache
no ip mroute-cache
crypto map mymap
------------------------------------------------------------------------------------------------

crypto isakmp policy 10
hash md5
authentication pre-share
crypto isakmp key cisco123 address 10.1.2.1
crypto isakmp key cisco123 address 10.1.3.1
!
crypto ipsec transform-set myset esp-des esp-md5-hmac

!
crypto map mymap 10 ipsec-isakmp
set peer 10.1.2.1
set peer 10.1.3.1
set transform-set myset
match address 110
!
interface Ethernet0
ip address 10.1.1.1 255.255.255.0
!
interface Ethernet1
ip address 10.1.4.1 255.255.255.0
no ip route-cache
no ip mroute-cache
crypto map mymap

Best Regards,

Rechard

Correct Answer by Federico Coto F... about 6 years 8 months ago

Hi,

The crypto maps 10 and 20 are two different instances of the same crypto map.
For crypto map 10, you're specifying the peer as 10.1.2.1, and for crypto map 20, the peer as
10.1.3.1.
This means the router can create two VPN tunnels to both IPs to reach the same site.

Note that on the other router, you have two set peers under crypto map 10; this means the router
will attempt to establish the tunnel to the first IP and, if it does not receive a response, will try
the next one.

The ip route-cache command controls the use of switching methods for forwarding IP packets.
ip route-cache was commonly used for fast switching, now replaced by CEF.

The ip mroute-cache command is the same as above but for multicast traffic.

To answer your questions, you don't really need those commands.

Federico.

Federico Coto F... Mon, 03/15/2010 - 20:29
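
The difference described in the answer, as an added example that is not part of the original thread: a small Python parser (function and variable names are hypothetical) run over the crypto map lines of the two posted configurations, showing two sequence entries with one peer each versus one entry with an ordered peer list. It also lists any ACL referenced by more than one sequence number of the same map, since IOS evaluates entries in ascending sequence order and the lower-numbered entry is matched first.

```python
import re
from collections import defaultdict

# Constructed sample input: only the crypto map entries from the two posted configs.
FIRST_CONFIG = """\
crypto map mymap 10 ipsec-isakmp
 set peer 10.1.2.1
 set transform-set myset
 match address 120
!
crypto map mymap 20 ipsec-isakmp
 set peer 10.1.3.1
 set transform-set myset
 match address 120
"""
SECOND_CONFIG = """\
crypto map mymap 10 ipsec-isakmp
 set peer 10.1.2.1
 set peer 10.1.3.1
 set transform-set myset
 match address 110
"""
HEADER = re.compile(r"^crypto map (\S+) (\d+) ipsec-isakmp$")

def parse_crypto_maps(config):
    """Return {(map_name, seq): {"peers": [in config order], "acl": id or None}}."""
    entries, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:  # a new sequence entry of the named map starts here
            key = (m.group(1), int(m.group(2)))
            current = entries.setdefault(key, {"peers": [], "acl": None})
        elif current is not None and line.startswith("set peer "):
            current["peers"].append(line.split()[2])  # order = failover order
        elif current is not None and line.startswith("match address "):
            current["acl"] = line.split()[2]
        elif line and not line.startswith(("set ", "match ")):
            current = None  # "!" or another top-level command ends the entry
    return entries

def shared_acls(entries):
    """ACLs referenced by more than one sequence number of the same map."""
    seen = defaultdict(list)
    for (name, seq), entry in sorted(entries.items()):
        if entry["acl"]:
            seen[(name, entry["acl"])].append(seq)
    return {k: v for k, v in seen.items() if len(v) > 1}

if __name__ == "__main__":
    for cfg in (FIRST_CONFIG, SECOND_CONFIG):
        parsed = parse_crypto_maps(cfg)
        print(parsed, "shared ACLs:", shared_acls(parsed))
```

In the first configuration both entries reference access list 120, so the output reports that ACL under sequence numbers 10 and 20; the access lists themselves are not shown in the post.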
