Purpose of Crypto Maps

Crypto maps pull together the various parts configured for IPSec, including:

• The traffic to be protected by IPSec and a set of SAs

• The local address to be used for the IPSec traffic

• The destination location of IPSec-protected traffic

• The IPSec type to be applied to this traffic

• The method of establishing SAs (manually or via RSA)

• Other parameters needed to define an IPSec SA

© 2004 Cisco Systems, In

Crypto map entries that are created for IPSec set up SA parameters, thus tying together the various parts that are configured for IPSec, including:

■ The traffic to be protected by IPSec and a set of SAs (crypto ACL): The access list defines the address, protocol, and port information for traffic that will be encrypted.

The local address to be used for the IPSec traffic: The source address specified by the access list and the crypto map peer define the local address for IPSec traffic.

The destination location of IPSec-protected traffic: The destination specified by the access list defines the identity of the remote IPSec peer.

The type IPSec security applied to this traffic: The transform set applies the method of encryption and authentication.

The method of SA establishment: This establishment may be completed manually (preshared) or through RSA.

Other: Other parameters that might be necessary to define an IPSec SA.

0 0

Post a comment