Chapter 6 Configuring a VPN Using Easy VPN and an IPSec Tunnel

Apply the Crypto Map to the Physical Interface

BETA DRAFT - CISCO CONFIDENTIAL

 

Command or Action

Purpose

Step 3

 

 

reverse-route

Creates source proxy information for the crypto

 

 

map entry.

 

Example:

See the Cisco IOS Security Command Reference

 

 

 

Router(config-crypto-map)# reverse-route

for details.

 

Router(config-crypto-map)#

 

Step 4

 

 

exit

Returns to global configuration mode.

 

Example:

 

 

Router(config-crypto-map)# exit

 

 

Router(config)#

 

Step 5

 

 

crypto map map-nameseq-num[ipsec-isakmp]

Creates a crypto map profile.

 

[dynamic dynamic-map-name] [discover]

 

 

[profile profile-name]

 

 

Example:

 

 

Router(config)# crypto map static-map 1

 

 

ipsec-isakmp dynamic dynmap

 

 

Router(config)#

 

 

 

 

Apply the Crypto Map to the Physical Interface

The crypto maps must be applied to each interface through which IP Security (IPSec) traffic flows. Applying the crypto map to the physical interface instructs the router to evaluate all the traffic against the security associations database. With the default configurations, the router provides secure connectivity by encrypting the traffic sent between remote sites. However, the public interface still allows the rest of the traffic to pass and provides connectivity to the Internet.

Perform these steps to apply a crypto map to an interface, beginning in global configuration mode:

 

Command or Action

Purpose

Step 1

 

 

interface type number

Enters the interface configuration mode for the

 

 

interface to which you want the crypto map

 

Example:

applied.

 

Router(config)# interface fastethernet 0

 

 

Router(config-if)#

 

 

 

 

Cisco 1800 Series Integrated Services Routers (Fixed) Software Configuration Guide

6-8

OL-6426-02

 

 

Page 80
Image 80
Cisco Systems OL-6426-02 Apply the Crypto Map to the Physical Interface, Reverse-route, Dynamic dynamic-map-name discover