Creating Dynamic Crypto Maps - Cisco SA-VAM - VPN Acceleration Module Installation And Configuration Manual

VPN Acceleration Module 2+ (VAM2+) Installation and Configuration Guide

Chapter 4: Configuring the SA-VAM2+ (OL-5979-03)
Configuration Tasks

Step 6
Command: Router(config-crypto-m)# set security-association level per-host
Purpose: (Optional) Specifies that separate security associations should be established for each source/destination host pair.
Without this command, a single IPSec "tunnel" could carry traffic for multiple source hosts and multiple destination hosts.
With this command, when the router requests new security associations it will establish one set for traffic between Host A and Host B, and a separate set for traffic between Host A and Host C.
Use this command with care, as multiple streams between given subnets can rapidly consume resources.

Step 7
Command: Router(config-crypto-m)# set pfs [group1 | group2]
Purpose: (Optional) Specifies that IPSec should ask for perfect forward secrecy when requesting new security associations for this crypto map entry, or should demand perfect forward secrecy (PFS) in requests received from the IPSec peer.

Step 8
Command: Router(config-crypto-m)# exit
Purpose: Exits crypto-map configuration mode and returns to global configuration mode.

Creating Dynamic Crypto Maps

A dynamic crypto map entry is a crypto map entry with some parameters not configured. The missing parameters are later dynamically configured (as the result of an IPSec negotiation). Dynamic crypto maps are only available for use by IKE.

Dynamic crypto map entries are grouped into sets. A set is a group of dynamic crypto map entries all with the same dynamic-map-name, each with a different dynamic-seq-num.

To create a dynamic crypto map entry, use the following commands starting in global configuration mode:

Step 1
Command: Router(config)# crypto dynamic-map dynamic-map-name dynamic-seq-num
Purpose: Creates a dynamic crypto map entry.

Step 2
Command: Router(config-crypto-m)# set transform-set transform-set-name1 [transform-set-name2...transform-set-name6]
Purpose: Specifies which transform sets are allowed for the crypto map entry. List multiple transform sets in order of priority (highest priority first).
This is the only configuration statement required in dynamic crypto map entries.
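An added example, not part of the Cisco guide: a Python check that reads a running-config fragment and audits every dynamic crypto map entry against the rules stated above (set transform-set is required, at most six transform sets per entry) and also flags entries with no set pfs statement. The configuration text, map names and transform-set names are constructed, and the check assumes set pfs is accepted in dynamic entries as it is in the crypto map entries of Step 7.

```python
import re
from collections import defaultdict

# Constructed running-config fragment; all names and numbers are made up.
SAMPLE_CONFIG = """\
crypto dynamic-map REMOTE 10
 set transform-set TS-STRONG
 set pfs group2
crypto dynamic-map REMOTE 20
 set transform-set T1 T2
crypto dynamic-map BRANCH 10
 set pfs group2
crypto dynamic-map BRANCH 20
 set transform-set T1 T2 T3 T4 T5 T6 T7
!
interface FastEthernet0/0
 ip address 192.0.2.1 255.255.255.0
"""

ENTRY = re.compile(r"^crypto dynamic-map (\S+) (\d+)\s*$")

def parse_dynamic_maps(config):
    """Return {dynamic-map-name: {dynamic-seq-num: [sub-commands]}}."""
    maps = defaultdict(dict)
    current = None
    for line in config.splitlines():
        m = ENTRY.match(line)
        if m:
            # Entries sharing a name form one set, keyed by sequence number.
            current = maps[m.group(1)].setdefault(int(m.group(2)), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # any other top-level line ends the entry
    return dict(maps)

def audit(config):
    """Return (entry, finding) pairs, ordered by map name and sequence number."""
    findings = []
    for name, entries in sorted(parse_dynamic_maps(config).items()):
        for seq, cmds in sorted(entries.items()):
            where = f"{name} {seq}"
            sets = [c.split()[2:] for c in cmds if c.startswith("set transform-set")]
            if not sets:
                findings.append((where, "missing required 'set transform-set'"))
            elif len(sets[0]) > 6:
                findings.append((where, "more than six transform sets listed"))
            if not any(c.startswith("set pfs") for c in cmds):
                findings.append((where, "no 'set pfs': PFS neither requested nor demanded"))
    return findings
```

Calling audit() on the text of a saved running-config returns the entries to review; an empty list means every dynamic entry has a transform set list of six or fewer names and a set pfs statement.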
