69-13
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter69 Configuring Remote Access IPsec VPNs
Configuring Remote Access IPsec VPNs
Dynamic crypto map entries identify the transform set for the connection. You also enable reverse
routing, which lets the ASA learn routing information for connected clients, and advertise it via RIP or
OSPF.
Use the command syntax in the following examples as a guide.
Detailed Steps
Creating a Crypto Map Entry to Use the Dynamic Crypto Map
This section describes how to create a crypto map entry that lets the ASA use the dynamic crypto map
to set the parameters of IPsec security associations.
In the following examples for this command, the name of the crypto map is mymap, the sequence number
is 1, and the name of the dynamic crypto map is dyn1, which you created in the previous section,
Creating a Dynamic Crypto Map.”
Use the command syntax in the following examples as a guide.
Command Purpose
Step1 For IKEv1, use this command:
crypto dynamic-map dynamic-map-name
seq-num set ikev1 transform-set
transform-set-name
Example:
hostname(config)# crypto dynamic-map dyn1
1 set ikev1 transform-set FirstSet
hostname(config)#
For IKEv2, use this command:
crypto dynamic-map dynamic-map-name
seq-num set ikev2 ipsec-proposal
proposal-name
Example:
hostname(config)# crypto dynamic-map dyn1
1 set ikev2 ipsec-proposal FirstSet
hostname(config)#
Creates a dynamic crypto map and specifies an IKEv1 transform
set or IKEv2 proposal for the map.
Step2 crypto dynamic-map dynamic-map-name
dynamic-seq-num set reverse-route
Example:
hostname(config)# crypto dynamic-map dyn1
1 set reverse route
hostname(config)#
(Optional) Enables Reverse Route Injection for any connection
based on this crypto map entry.