Cisco ASA 5505 User Manual

Page 1537


Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 69 Configuring Remote Access IPsec VPNs

Configuring Remote Access IPsec VPNs

Dynamic crypto map entries identify the transform set for the connection. You also enable reverse
routing, which lets the ASA learn routing information for connected clients, and advertise it via RIP or
OSPF.

Use the command syntax in the following examples as a guide.

Detailed Steps

Step 1

Command:

For IKEv1, use this command:

crypto dynamic-map dynamic-map-name seq-num set ikev1 transform-set transform-set-name

Example:

hostname(config)# crypto dynamic-map dyn1 1 set ikev1 transform-set FirstSet
hostname(config)#

For IKEv2, use this command:

crypto dynamic-map dynamic-map-name seq-num set ikev2 ipsec-proposal proposal-name

Example:

hostname(config)# crypto dynamic-map dyn1 1 set ikev2 ipsec-proposal FirstSet
hostname(config)#

Purpose:

Creates a dynamic crypto map and specifies an IKEv1 transform set or IKEv2 proposal for the map.

Step 2

Command:

crypto dynamic-map dynamic-map-name dynamic-seq-num set reverse-route

Example:

hostname(config)# crypto dynamic-map dyn1 1 set reverse-route
hostname(config)#

Purpose:

(Optional) Enables Reverse Route Injection for any connection based on this crypto map entry.

Creating a Crypto Map Entry to Use the Dynamic Crypto Map

This section describes how to create a crypto map entry that lets the ASA use the dynamic crypto map
to set the parameters of IPsec security associations.

In the following examples for this command, the name of the crypto map is mymap, the sequence number
is 1, and the name of the dynamic crypto map is dyn1, which you created in the previous section,
“Creating a Dynamic Crypto Map.”

Use the command syntax in the following examples as a guide.
