Configure Crypto Maps

The crypto map matches the IKE/IPsec configuration to the crypto ACL and puts into motion the other aspects of the VPN negotiation. The crypto map defines the following items:

• Which crypto ACL addresses the connection

• The IKE and IPsec Peer addresses

• Sets Perfect Forward Secrecy

• Defines the applicable transform set

• Sets the IPsec SA lifetime

Miami#configure terminal

Miami(config)#crypto map NewYork 120 ipsec-isakmp

Miami(config-crypto-map)#match address 105 Miami(config-crypto-map)#set peer Miami(config-crypto-map)#set pfs group5 Miami(config-crypto-map)#set transform-set 20

Miami(config-crypto-map)#set security-association lifetime seconds 1800

0 0

Post a comment