Cisco ASA Series Cli Configuration Manual page 1757

Chapter 1 Configuring Remote Access IPsec VPNs
Dynamic crypto map entries identify the transform set for the connection. You also enable reverse
routing, which lets the ASA learn routing information for connected clients, and advertise it via RIP or
OSPF.
Perform the following task:
Detailed Steps
Command
Step 1
For IKEv1, use this command:
crypto dynamic-map dynamic-map-name
seq-num set ikev1 transform-set
transform-set-name
Example:
hostname(config)# crypto dynamic-map dyn1
1 set ikev1 transform-set FirstSet
hostname(config)#
For IKEv2, use this command:
crypto dynamic-map dynamic-map-name
seq-num set ikev2 ipsec-proposal
proposal-name
Example:
hostname(config)# crypto dynamic-map dyn1
1 set ikev2 ipsec-proposal FirstSet
hostname(config)#
Step 2
crypto dynamic-map dynamic-map-name
dynamic-seq-num set reverse-route
Example:
hostname(config)# crypto dynamic-map dyn1
1 set reverse route
hostname(config)#
Creating a Crypto Map Entry to Use the Dynamic Crypto Map
This section describes how to create a crypto map entry that lets the ASA use the dynamic crypto map
to set the parameters of IPsec security associations.
In the following examples for this command, the name of the crypto map is mymap, the sequence number
is 1, and the name of the dynamic crypto map is dyn1, which you created in the previous section,
"Creating a Dynamic Crypto
Perform the following task:
Purpose
Creates a dynamic crypto map and specifies an IKEv1 transform
set or IKEv2 proposal for the map.
(Optional) Enables Reverse Route Injection for any connection
based on this crypto map entry.
Map."
Cisco ASA Series CLI Configuration Guide
Configuring Remote Access IPsec VPNs
1-13