VPN PIX 515E Which Isakmp Policy are applied?

May 24th, 2012
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac


crypto map mapName 19 match address NAME_40_cryptomap
crypto map mapName 19 set peer IPADDR
crypto map mapName 19 set transform-set ESP-AES-128-SHA


crypto map mapName 20 match address NAME_20_cryptomap
crypto map mapName 20 set peer IPADDR
crypto map mapName 20 set transform-set ESP-3DES-SHA
crypto map mapName interface IFNAME
crypto isakmp identity address
crypto isakmp enable IFNAME
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash md5
 group 2
 lifetime 86400
crypto isakmp policy 30
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto isakmp policy 50
 authentication pre-share
 encryption aes
 hash sha
 group 2
 lifetime 28800


I need to be sure that when traffic matches access-list "NAME_40_cryptomap", isakmp policy 50 is used.

And when traffic matches "NAME_20_cryptomap", isakmp policy 10 is used.

How do I link the crypto map with the specific isakmp policy?


Regards, Steffen.

Jennifer Halim (Cisco Employee) Thu, 05/24/2012 - 05:08

You can't link isakmp policy with the crypto map.

For isakmp, during negotiation, it will go down the list from policy 10 to 30 to 50 until a match is found with the remote peer. Once a match is found, it will use that particular policy.
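
The negotiation order described in the answer above, modelled as an added Python example (not part of the original thread and not Cisco code): it parses the three ISAKMP policies from the posted configuration and walks them in priority order against a peer's phase 1 offers. The peer offers are constructed sample values, the function names are hypothetical, and the lifetime is left out of the match as a simplification.

```python
import re

# ISAKMP policies copied from the configuration posted in the question.
CONFIG = """\
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash md5
 group 2
 lifetime 86400
crypto isakmp policy 30
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto isakmp policy 50
 authentication pre-share
 encryption aes
 hash sha
 group 2
 lifetime 28800
"""
KEYS = ("authentication", "encryption", "hash", "group")  # lifetime ignored (simplification)

def parse_policies(text):
    """Return {priority: {attribute: value}} from 'crypto isakmp policy' stanzas."""
    policies, current = {}, None
    for line in text.splitlines():
        words = line.split()
        m = re.fullmatch(r"crypto isakmp policy (\d+)", line.strip())
        if m:
            current = policies.setdefault(int(m.group(1)), {})
        elif current is not None and len(words) == 2:
            current[words[0]] = words[1]
    return policies

def select_policy(local, peer_offers):
    """Walk local policies from lowest number up; return the first that equals a peer offer."""
    for prio in sorted(local):
        if tuple(local[prio].get(k) for k in KEYS) in peer_offers:
            return prio
    return None

# Constructed peer offers, one tuple per proposal, in KEYS order.
AES_SHA = ("pre-share", "aes", "sha", "2")
DES3_MD5 = ("pre-share", "3des", "md5", "2")

if __name__ == "__main__":
    local = parse_policies(CONFIG)
    print(select_policy(local, [AES_SHA]))            # peer offers only aes/sha
    print(select_policy(local, [AES_SHA, DES3_MD5]))  # peer offers both suites
```

When the peer offers both suites, policy 10 (3des/md5) is selected because it is compared first, so the phase 1 protection of a tunnel follows from the priority order and the peer's proposal rather than from the crypto map entry.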
