Cisco Support Community
Community Member

crypto map sequence numbers

I have both dynamic and static crypto maps in an IOS router crypto config. Should the dynamic maps have a higher (lower sequence #) preference than the static maps or vice versa?

!
crypto dynamic-map RAS 1
 set transform-set STRONG
!
crypto map ToClients 2 ipsec-isakmp dynamic RAS
crypto map ToClients 5 ipsec-isakmp
!
crypto map ToClients 10 ipsec-isakmp
!
crypto map ToClients 15 ipsec-isakmp
!
crypto map ToClients 20 ipsec-isakmp
!

Or like this:

!
crypto dynamic-map RAS 1
 set transform-set STRONG
!
crypto map ToClients 5 ipsec-isakmp
!
crypto map ToClients 10 ipsec-isakmp
!
crypto map ToClients 15 ipsec-isakmp
!
crypto map ToClients 20 ipsec-isakmp
!
crypto map ToClients 65535 ipsec-isakmp dynamic RAS

Could you also say why one is preferred over the other?

1 REPLY
Silver

Re: crypto map sequence numbers

Dynamic maps should have the highest number so that they have the lowest priority, so that routers don't negotiate with them and possibly obtain inappropriate settings intended for wildcard, dynamically addressed VPN end users.

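As an added example (not part of the original thread and not Cisco's code), the following Python audit parses IOS configuration text and reports any crypto map set in which a dynamic entry has a lower sequence number than a static entry, the ordering the reply above advises against. The sample inputs are the two configurations posted in the question; the function name `audit_crypto_maps` is hypothetical.

```python
import re
from collections import defaultdict

# Matches "crypto map NAME SEQ ipsec-isakmp [dynamic TEMPLATE]" entry lines.
ENTRY = re.compile(
    r"^[ \t]*crypto map (\S+) (\d+) ipsec-isakmp(?: dynamic (\S+))?[ \t]*$", re.M)

def audit_crypto_maps(config):
    """Return (map, dynamic_seq, template, static_seqs_after) findings.

    A finding means a dynamic entry has a lower sequence number than at
    least one static entry in the same crypto map set.
    """
    maps = defaultdict(list)
    for name, seq, template in ENTRY.findall(config):
        maps[name].append((int(seq), template))  # template == "" for static
    findings = []
    for name, entries in maps.items():
        static = sorted(seq for seq, template in entries if not template)
        for seq, template in sorted(e for e in entries if e[1]):
            after = [s for s in static if s > seq]
            if after:
                findings.append((name, seq, template, after))
    return findings

# The two orderings posted in the question above.
DYNAMIC_FIRST = """\
crypto dynamic-map RAS 1
 set transform-set STRONG
crypto map ToClients 2 ipsec-isakmp dynamic RAS
crypto map ToClients 5 ipsec-isakmp
crypto map ToClients 10 ipsec-isakmp
crypto map ToClients 15 ipsec-isakmp
crypto map ToClients 20 ipsec-isakmp
"""
DYNAMIC_LAST = """\
crypto dynamic-map RAS 1
 set transform-set STRONG
crypto map ToClients 5 ipsec-isakmp
crypto map ToClients 10 ipsec-isakmp
crypto map ToClients 15 ipsec-isakmp
crypto map ToClients 20 ipsec-isakmp
crypto map ToClients 65535 ipsec-isakmp dynamic RAS
"""

if __name__ == "__main__":
    for label, cfg in (("dynamic first", DYNAMIC_FIRST), ("dynamic last", DYNAMIC_LAST)):
        print(label, audit_crypto_maps(cfg) or "OK")
```

The first ordering yields one finding for sequence 2; the second yields none.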