We are impelementing IPSec manual site to site because other site doesn't
support IKE. I know that if you implement IPSec manual keying
-- ACL's for crypto map entries tagged as ipsec-manual are restricted to as
single permit entry and subsequent entries are ignored.
-- The SAs established by a manual crypto map entry are only for a single
IKE doesn't have any restrictions like that. Is this because of IKE
automatically assigns SPI numbers to the other permit entries for the same
access-list. Or is there any other reason?
I know the solution for the IPSec manual restriction of permit entries. I
want to know why is this restriction. Because of one SPI for one permit
Any help will be really appreciated.