Applying Crypto Maps To Interfaces - Cisco FirePOWER ASA 5500 series Configuration Manual

Security appliance command line

Chapter 36
Configuring LAN-to-LAN IPSec VPNs
Step 2
To identify the peer(s) for the IPSec connection, enter the crypto map set peer command.
The syntax is crypto map map-name seq-num set peer {ip_address1 | hostname1}[... ip_address10 | hostname10]. In the following example the peer name is 10.10.4.108.
hostname(config)# crypto map abcmap 1 set peer 10.10.4.108
hostname(config)#
Step 3
To specify a transform set for a crypto map entry, enter the crypto map set transform-set command.
The syntax is crypto map map-name seq-num set transform-set transform-set-name. In the following example the transform set name is FirstSet.
hostname(config)# crypto map abcmap 1 set transform-set FirstSet
hostname(config)#

Applying Crypto Maps to Interfaces

You must apply a crypto map set to each interface through which IPSec traffic travels. The security
appliance supports IPSec on all interfaces. Applying the crypto map set to an interface instructs the
security appliance to evaluate all interface traffic against the crypto map set and to use the specified
policy during connection or security association negotiations.
Binding a crypto map to an interface also initializes the runtime data structures, such as the security
association database and the security policy database. When you later modify a crypto map in any way,
the security appliance automatically applies the changes to the running configuration. It drops any
existing connections and reestablishes them after applying the new crypto map.
Step 1
To apply the configured crypto map to the outside interface, enter the crypto map interface command.
The syntax is crypto map map-name interface interface-name.
hostname(config)# crypto map abcmap interface outside
hostname(config)#
Step 2
Save your changes.
hostname(config)# write memory
hostname(config)#

Cisco Security Appliance Command Line Configuration Guide, OL-10088-01
Creating a Crypto Map and Applying It To an Interface, page 36-7
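
A configuration check for the procedure above, as an added example that is not part of the Cisco manual: it parses saved configuration text and reports crypto map entries that lack a peer or a transform set, and crypto maps that were never applied to an interface. The sample configuration is constructed, the map vpnmap and the function name audit_crypto_maps are hypothetical, and only the set peer, set transform-set and interface command forms shown on this page are parsed.

```python
import re
from collections import defaultdict

# Constructed sample configuration (not from a real device). Map "abcmap" follows
# the steps on this page; "vpnmap" is a hypothetical map with deliberate gaps.
SAMPLE_CONFIG = """\
crypto map abcmap 1 set peer 10.10.4.108
crypto map abcmap 1 set transform-set FirstSet
crypto map abcmap interface outside
crypto map vpnmap 10 set peer 192.0.2.10
"""

# crypto map map-name seq-num set {peer | transform-set} value
ENTRY_RE = re.compile(r"^crypto map (\S+) (\d+) set (peer|transform-set) (.+)$")
# crypto map map-name interface interface-name
BIND_RE = re.compile(r"^crypto map (\S+) interface (\S+)$")


def audit_crypto_maps(config_text):
    """Return a sorted list of findings for the crypto maps in config_text."""
    entries = defaultdict(lambda: defaultdict(set))  # map -> seq-num -> settings seen
    bound = {}  # map name -> interface it is applied to
    for raw in config_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            entries[m.group(1)][int(m.group(2))].add(m.group(3))
            continue
        m = BIND_RE.match(line)
        if m:
            bound[m.group(1)] = m.group(2)
    findings = []
    for name, seqs in entries.items():
        for seq, settings in seqs.items():
            for needed in ("peer", "transform-set"):
                if needed not in settings:
                    findings.append(f"{name} {seq}: no 'set {needed}'")
        if name not in bound:
            # An unbound map is never evaluated against interface traffic.
            findings.append(f"{name}: not applied to any interface")
    for name, iface in bound.items():
        if name not in entries:
            findings.append(f"{name}: applied to {iface} but has no peer or transform-set entries")
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit_crypto_maps(SAMPLE_CONFIG):
        print(finding)
```

An empty result for a map means every parsed entry has both settings and the map is bound to an interface.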
