Cisco Support Community
Community Member

configuring SLA's that use crypto line in a 3560

currently, i'm using a 1841 RTR with an SLA config-ed that tells the RTR to build a VPN tunnel to our ASA.  below is the config

ip sla monitor 1

type echo protocol ipIcmpEcho

timeout 1000

threshold 2

frequency 3

ip sla monitor schedule 1 life forever start-time now


track 123 rtr 1 reachability

crypto isakmp policy 20

encr 3des

hash md5

authentication pre-share

group 2

crypto isakmp key CISCO address no-xauth



crypto ipsec transform-set ESP-MD5-3DES esp-3des esp-md5-hmac


crypto map backup 4 ipsec-isakmp

set peer

set transform-set ESP-MD5-3DES

match address 100

But, what I'm finding is that the 1841 is slowing down traffic so i've installed a 3560, sans the SLA.  And traffic speed has increased with the 3560 in place.

but now i'd like to install the SLA.

in order to do the VPN tunnel build, i know i'll need the ADVSECURITY IOS .

is there anything i'm missing?

Thanks, Gary

CreatePlease to create content