two Crypto isakmp policies associatted to same crypto map

metzj · ‎07-10-2007

How do I map the second isakmp policy to the correct crypto map?

crypto isakmp policy 1

encr 3des

authentication pre-share

!

crypto isakmp policy 2

encr aes 256

authentication pre-share

group 2

crypto isakmp key redmond address x.x.x.x

crypto isakmp key OregonVideo-08012005 address x.x.x.x

crypto isakmp key hillsboro address x.x.x.x

crypto isakmp key 123456789 address x.x.x.x

!

crypto ipsec transform-set ts esp-3des esp-sha-hmac

mode transport

crypto ipsec transform-set leds esp-aes 256

mode transport

!

crypto map salem-map 10 ipsec-isakmp

set peer x.x.x.x

set transform-set ts

match address 101

crypto map salem-map 20 ipsec-isakmp

description Gtech VPN Connection

set peer x.x.x.x

set security-association lifetime seconds 86400

set transform-set ts

match address 102

crypto map salem-map 30 ipsec-isakmp

set peer x.x.x.x

set transform-set ts

match address 103

crypto map salem-map 50 ipsec-isakmp

set peer x.x.x.x

set security-association lifetime seconds 86400

set transform-set leds

match address 105

crypto map salem-map 50 I would like to associate isakmp policy 2.

Thanks for any suggestions

Jon Marshall · ‎07-10-2007

Hi

You don't map isakmp policies to crypto map entries. What happens is that your isakmp policies are tested in numerical order against the remote peer and if any of htme match then it moves onto phase 2 of the IPSEC tunnel.

HTH

Jon