Cisco ASA Series CLI Configuration Guide
Chapter 1 Configuring LAN-to-LAN IPsec VPNs
Creating a Crypto Map and Applying It To an Interface
Note: If combined mode (AES-GCM/GMAC) and normal mode (all others) algorithms exist in the
IPsec proposal, then you cannot send a single proposal to the peer. You must have at least two
proposals in this case, one for combined mode and one for normal mode algorithms.
hostname(config)# crypto map abcmap 1 set ikev2 ipsec-proposal secure
hostname(config)#
Applying Crypto Maps to Interfaces
You must apply a crypto map set to each interface through which IPsec traffic travels. The ASA supports
IPsec on all interfaces. Applying the crypto map set to an interface instructs the ASA to evaluate all
interface traffic against the crypto map set and to use the specified policy during connection or security
association negotiations.
Binding a crypto map to an interface also initializes the runtime data structures, such as the security
association database and the security policy database. When you later modify a crypto map in any way,
the ASA automatically applies the changes to the running configuration. It drops any existing
connections and reestablishes them after applying the new crypto map.
To apply the configured crypto map to the outside interface, perform the following steps:
Step 1 Enter the crypto map interface command. The syntax is crypto map map-name interface
interface-name.
hostname(config)# crypto map abcmap interface outside
hostname(config)#
Step 2 Save your changes.
hostname(config)# write memory
hostname(config)#
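The following audit script is an added example, not part of the Cisco guide. It scans saved ASA configuration text for crypto maps that have entries but were never applied to an interface, and for IKEv2 IPsec proposals that list combined mode and normal mode encryption algorithms together, reading the note above as calling for separate proposals. The sample configuration is constructed; the names branchmap and gcm-only are hypothetical, and the proposal sub-command lines are assumed ASA syntax that this page does not show.

```python
import re

# Constructed sample of ASA configuration lines (not taken from the guide).
SAMPLE_CONFIG = """\
crypto ipsec ikev2 ipsec-proposal secure
 protocol esp encryption aes-gcm-256 aes-256
 protocol esp integrity sha-1
crypto ipsec ikev2 ipsec-proposal gcm-only
 protocol esp encryption aes-gcm-256
 protocol esp integrity null
crypto map abcmap 1 set ikev2 ipsec-proposal secure
crypto map abcmap interface outside
crypto map branchmap 1 set ikev2 ipsec-proposal gcm-only
"""

def is_combined(alg):
    # Combined mode algorithms per the note: AES-GCM and AES-GMAC variants.
    return alg.startswith(("aes-gcm", "aes-gmac"))

def audit(config):
    """Return (unbound_maps, mixed_proposals) for ASA configuration text."""
    defined, bound, mixed = set(), set(), set()
    proposal = None
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"crypto ipsec ikev2 ipsec-proposal (\S+)$", line)
        if m:
            proposal = m.group(1)
            continue
        if not raw.startswith(" "):
            proposal = None  # an unindented line ends the proposal sub-mode
        m = re.match(r"protocol esp encryption (.+)$", line)
        if m and proposal:
            algs = m.group(1).split()
            if any(map(is_combined, algs)) and not all(map(is_combined, algs)):
                mixed.add(proposal)
            continue
        m = re.match(r"crypto map (\S+) interface (\S+)$", line)
        if m:
            bound.add(m.group(1))  # map set applied to an interface
            continue
        m = re.match(r"crypto map (\S+) \d+ ", line)
        if m:
            defined.add(m.group(1))  # map set has at least one entry
    return sorted(defined - bound), sorted(mixed)

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```

A crypto map reported as unbound is never evaluated against interface traffic, so the traffic it was meant to protect is not handled by that IPsec policy.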