1 Reply Latest reply: Apr 19, 2012 8:14 AM by CiscoLoco - CCNP RSS

    Difference between Crypto Map and Crypto IPsec Profile ?

    Extreme-Networks

      Hi,

       

      What is the difference in using Crypto map and Crypto IPsec profile ?

       

      What are the pros and cons while using each of them.

       

      Please explain.

       

      Regards,

      James

        • 1. Re: Difference between Crypto Map and Crypto IPsec Profile ?
          CiscoLoco - CCNP

          You cannot use an IPSEC profile without having a crypto map.  Within the crypto map you can apply the ipsec profile.  You could do this if you multiple tunnels that obviously have different peer address and differnt "interesting traffic" acls but will use simliar other configurations like transform set and pfs value.

           

          For Ex

           

          Define the IPSEC Profile  -

           

          crypto ipsec profile TEST-Profile

          set transform-set 3DES-SHA

          set pfs group 2

           

          Then within you crypto maps you can apply the profile you just created

           

          crypto map TEST 10 ipsec-isakmp

          set peer 1.1.1.1

          match address 100

          set profile TEST-Profile

           

          crypto map TEST 20 ipsec-isakmp

          set peer 2.2.2.2

          match address 200

          set profile TEST-Profile