Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

crypto dynamic-map and VPN

The system architecture is like this: A PIX firewall with a global public IP and inside is the private network. A remote locationn will try to access to the firewall via VPN connection.

1) What is the crypto dynamic-map used for? For a VPN, is the crypto map an optional or a MUST?

2) In order to disable the statement of:

access-list outside_cryptomap_dyn_20 line 1 permit ip any

--What are the differences between use statements a) and b) as follows, which is better:

a)no crypto dynamic-map dynamic-map-outside 20 match address outside_cryptomap_dyn_20


b) no access-list outside_cryptomap_dyn_20 line 1 permit ip any

Thanks to help.



Re: crypto dynamic-map and VPN


For creating a VPN u need to have the crypto map command keyed in which will define the IPSEC paramaters.

AFAIK regarding dynamic vpn its being used when you are having easy vpn server kinda config wherein your remote clients will dialin ,gets authenticated and assigned with an ip using which they can access the resources available in the central location.

Setup basically used up for mobile/remote users who got vpn clients loaded in their box.

About removing the commands usnig no statement they are 2 different CLI using the first one ur creating the dynamic map which is used for Remote Access VPNs by the mobile users using VPN clients...

second one deals in removing the access being given remote users to the inside up address..

both holds different kinda operations altogether...