Applying crypto maps to interfaces – Cisco ASA 5505 User Manual

Page 1586

Advertising
background image

73-10

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 73 Configuring LAN-to-LAN IPsec VPNs

Creating a Crypto Map and Applying It To an Interface

Step 3

To specify an IKEv1 transform set for a crypto map entry, enter the crypto map ikev1 set transform-set
command.

The syntax is crypto map map-name seq-num ikev1 set transform-set transform-set-name.
In the following example the transform set name is FirstSet.

hostname(config)# crypto map abcmap 1 set transform-set FirstSet

hostname(config)#

Step 4

To specify an IKEv2 proposal for a crypto map entry, enter the crypto map ikev2 set ipsec-proposal
command:

The syntax is crypto map map-name seq-num set ikev2 ipsec-proposal proposal-name.
In the following example the proposal name is secure.

hostname(config)# crypto map abcmap 1 set ikev2 ipsec-proposal secure

hostname(config)#

Applying Crypto Maps to Interfaces

You must apply a crypto map set to each interface through which IPsec traffic travels. The ASA supports
IPsec on all interfaces. Applying the crypto map set to an interface instructs the ASA to evaluate all
interface traffic against the crypto map set and to use the specified policy during connection or security
association negotiations.

Binding a crypto map to an interface also initializes the runtime data structures, such as the security
association database and the security policy database. When you later modify a crypto map in any way,
the ASA automatically applies the changes to the running configuration. It drops any existing
connections and reestablishes them after applying the new crypto map.

Step 1

To apply the configured crypto map to the outside interface, enter the crypto map interface command.
The syntax is crypto map map-name interface interface-name.

hostname(config)# crypto map abcmap interface outside

hostname(config)#

Step 2

Save your changes.

hostname(config)#

write memory

hostname(config)#

Advertising