73-10
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter73 Configuring LAN-to-LAN IPsec VPNs
Creating a Crypto Map and Applying It To an Interface
Step3 To specify an IKEv1 transform set for a crypto map entry, enter the crypto map ikev1 set transform-set
command.
The syntax is crypto map map-name seq-num ikev1 set transform-set transform-set-name.
In the following example the transform set name is FirstSet .
hostname(config)# crypto map abcmap 1 set transform-set FirstSet
hostname(config)#
Step4 To specify an IKEv2 proposal for a crypto map entry, enter the crypto map ikev2 set ipsec-proposal
command:
The syntax is crypto map map-name seq-num set ikev2 ipsec-proposal proposal-name.
In the following example the proposal name is secure.
hostname(config)# crypto map abcmap 1 set ikev2 ipsec-proposal secure
hostname(config)#
Applying Crypto Maps to Interfaces
You must apply a crypto map set to each interface through which IPsec traffic travels. The ASA supports
IPsec on all interfaces. Applying the crypto map set to an interface instructs the ASA to evaluate all
interface traffic against the crypto map set and to use the specified policy during connection or security
association negotiations.
Binding a crypto map to an interface also initializes the runtime data structures, such as the security
association database and the security policy database. When you later modify a crypto map in any way,
the ASA automatically applies the changes to the running configuration. It drops any existing
connections and reestablishes them after applying the new crypto map.
Step1 To apply the configured crypto map to the outside interface, enter the crypto map interface command.
The syntax is crypto map map-name interface interface-name.
hostname(config)# crypto map abcmap interface outside
hostname(config)#
Step2 Save your changes.
hostname(config)# write memory
hostname(config)#