Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Crypto Dynamic Map

I am trying to configure a site-to-site VPN using 2 pix 501 firewall. My remote site is using dynamic address while my main site is using static address. I had read about crypto dynamic map is needed for my implementation. But should the crypto dynamic map to be configure on both pix firewall or just only the main site? Does anyone know the answer? Pls help

1 REPLY

Re: Crypto Dynamic Map

hi

Dynamic map configuration should be done in the main site where you have the static ip address configured.

so that the site can accpet the ipsec connection from any dynamic assigned sites.

At your remote location since you know the statc ip of the peer with which you are going to have the ipsec connectivity you can mention the same in the ipsec policies.

Also do take care of the encryption strength and the interesting traffic you mention up for encyrption on both the sides..

regds

248
Views
0
Helpful
1
Replies
CreatePlease to create content