New Member

VPN traversal question

Guys, I need to know what the following lines do:

  • ASA-AIP-CLI(config)#crypto dynamic-map Outside_dyn_map 10 set reverse-route

  • ASA-AIP-CLI(config)#crypto dynamic-map outside_dyn_map 10 set security-association lifetime seconds 288000

  • ASA-AIP-CLI(config)#crypto map Outside_map 10 ipsec-isakmp dynamic Outside_dyn_map

  • Secondly, what does the following command do?

    ASA-AIP-CLI(config)#crypto isakmp nat-traversal

    Thanks as always

    • VPN
    1 REPLY
    Cisco Employee

    VPN traversal question

    crypto dynamic-map Outside_dyn_map 10 set reverse-route

    --> If you are running dynamic routing protocols, that command will inject a static route back towards your dynamic routing protocol for the VPN client pool/assigned address. You also need to configure "redistribute static" in your routing process.

    crypto dynamic-map outside_dyn_map 10 set security-association lifetime seconds 288000

    --> Configures the lifetime for Phase 2 (IPSec) to 288000 seconds (80 hours).

    crypto map Outside_map 10 ipsec-isakmp dynamic Outside_dyn_map

    --> Applies that dynamic crypto map to the crypto map so you can apply it to the outside interface.

    crypto isakmp nat-traversal

    --> When it detects a NAT device along the path of the VPN tunnel, it encapsulates the ESP protocol in UDP/4500.

    Hope that helps.

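A small config audit for the commands discussed in this thread, added here as an example (it is not part of the original posts and is not Cisco code). It flags a Phase 2 lifetime above the ASA default of 28800 seconds and a dynamic-map entry whose name differs only by case from the map the crypto map references; the `audit` function, the finding labels and the case-sensitive name comparison are assumptions of this example.

```python
import re

# Constructed sample: the four commands quoted in the thread, verbatim.
SAMPLE = """\
crypto dynamic-map Outside_dyn_map 10 set reverse-route
crypto dynamic-map outside_dyn_map 10 set security-association lifetime seconds 288000
crypto map Outside_map 10 ipsec-isakmp dynamic Outside_dyn_map
crypto isakmp nat-traversal
"""

DEFAULT_LIFETIME = 28800  # ASA default IPsec SA lifetime: 8 hours, in seconds

DYN = re.compile(r"crypto dynamic-map (\S+) (\d+) set (.+)")
REF = re.compile(r"crypto map \S+ \d+ ipsec-isakmp dynamic (\S+)")
LIFE = re.compile(r"security-association lifetime seconds (\d+)")

def audit(config, max_lifetime=DEFAULT_LIFETIME):
    """Return (findings, nat_t_enabled) for the crypto lines in an ASA config."""
    settings = {}        # (map name, sequence) -> list of "set" arguments
    referenced = set()   # dynamic-map names a crypto map entry points at
    nat_t = False
    for line in (l.strip() for l in config.splitlines()):
        if m := DYN.fullmatch(line):
            settings.setdefault((m[1], int(m[2])), []).append(m[3])
        elif m := REF.fullmatch(line):
            referenced.add(m[1])
        elif line.startswith("crypto isakmp nat-traversal"):
            nat_t = True  # a "no crypto isakmp ..." line does not match

    findings = []
    for (name, seq), args in sorted(settings.items()):
        for arg in args:
            if (m := LIFE.fullmatch(arg)) and int(m[1]) > max_lifetime:
                findings.append(("long-lifetime", name, seq, int(m[1])))
        # Assumption: map names are compared case-sensitively, so a name that
        # matches a referenced map only after lowercasing is a separate map.
        if name not in referenced:
            twins = sorted(r for r in referenced if r.lower() == name.lower())
            kind = "case-mismatch" if twins else "unreferenced"
            findings.append((kind, name, seq, twins))
    return findings, nat_t

if __name__ == "__main__":
    findings, nat_t = audit(SAMPLE)
    for finding in findings:
        print(finding)
    print("NAT-T enabled:", nat_t)
```

Run against the thread's commands, it reports the 288000-second lifetime and shows that the lifetime was set on `outside_dyn_map` while the crypto map references `Outside_dyn_map`.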