Crypto Map Configuration

About this task

Use crypto maps to configure IPSec VPN SAs. Crypto maps combine the elements comprising IPSec SAs. Crypto maps also include transform sets. A transform set is a combination of security protocols, algorithms and other settings applied to IPSec protected traffic. One crypto map is utilized for each IPsec peer, however for remote VPN deployments one crypto map is used for all the remote IPsec peers.

Procedure

  1. Select the Crypto Map tab. Use crypto maps (as applied to IPSec VPN) to combine the elements used to create IPSec SAs (including transform sets).
    Click to expand in new window
    Profile Security - Crypto Map tab
    GUID-293575D2-4513-4408-A696-D9C76CA70D3B-low.png
  2. Review the following configuration parameters to assess existing crypto map relevance:

    Name

    Lists the 32 character maximum name assigned for each crypto map upon creation. This name cannot be modified as part of the edit process.

    IP Firewall Rules

    Lists the IP firewall rules defined for each displayed crypto map configuration. Each firewall policy contains a unique set of access/deny permissions applied to the VPN tunnel and its peer connection.

    IPSec Transform Set

    Displays the transform set (encryption and has algorithms) applied to each listed crypto map configuration. Thus, each crypto map can be customized with its own data protection and peer authentication schemes.