Skip navigation
Cisco Learning Home > Certifications > CCIE Security > Discussions

_Communities

This Question is Not Answered 1 Correct Answer available (4 pts) 2 Helpful Answers available (2 pts)
4310 Views 1 Reply Latest reply: Apr 19, 2012 8:14 AM by CiscoLoco - CCNP RSS

Currently Being Moderated

Difference between Crypto Map and Crypto IPsec Profile ?

Apr 19, 2012 4:09 AM

Extreme-Networks 8 posts since
Jul 3, 2010

Hi,

 

What is the difference in using Crypto map and Crypto IPsec profile ?

 

What are the pros and cons while using each of them.

 

Please explain.

 

Regards,

James

  • CiscoLoco - CCNP 956 posts since
    Feb 11, 2009

    You cannot use an IPSEC profile without having a crypto map.  Within the crypto map you can apply the ipsec profile.  You could do this if you multiple tunnels that obviously have different peer address and differnt "interesting traffic" acls but will use simliar other configurations like transform set and pfs value.

     

    For Ex

     

    Define the IPSEC Profile  -

     

    crypto ipsec profile TEST-Profile

    set transform-set 3DES-SHA

    set pfs group 2

     

    Then within you crypto maps you can apply the profile you just created

     

    crypto map TEST 10 ipsec-isakmp

    set peer 1.1.1.1

    match address 100

    set profile TEST-Profile

     

    crypto map TEST 20 ipsec-isakmp

    set peer 2.2.2.2

    match address 200

    set profile TEST-Profile

Actions

More Like This

  • Retrieving data ...

Bookmarked By (0)