Comment
Author: Admin | 2025-04-27
Rule-index is the priority for the rule, and tunnel-group name must be for a tunnel group that already exists.

Examples

The following example enables mapping of certificate-based ISAKMP sessions to a tunnel group based on the content of the phase1 ISAKMP ID:

hostname(config)# tunnel-group-map enable ike-id

The following example enables mapping of certificate-based ISAKMP sessions to a tunnel group based on the IP address of the peer:

hostname(config)# tunnel-group-map enable peer-ip

The following example enables mapping of certificate-based ISAKMP sessions based on the organizational unit (OU) in the subject distinguished name (DN):

hostname(config)# tunnel-group-map enable ou

The following example enables mapping of certificate-based ISAKMP sessions based on established rules:

hostname(config)# tunnel-group-map enable rules

Configure IPsec

This section describes the procedures required to configure the ASA when using IPsec to implement a VPN.

Define Crypto Maps

Crypto maps define the IPsec policy to be negotiated in the IPsec SA. They include the following:

- ACL to identify the packets that the IPsec connection permits and protects.
- Peer identification.
- Local address for the IPsec traffic. (See Apply Crypto Maps to Interfaces for more details.)
- Up to 11 IKEv1 transform sets or IKEv2 proposals, with which to attempt to match the peer security settings.

A crypto map set consists of one or more crypto maps that have the same map name. You create a crypto map set when you create its first crypto map. The following site-to-site task creates or adds to a crypto map in either single or multiple context mode:

crypto map
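An added example, not part of the comment above or of Cisco's documentation: a small audit that groups crypto map lines from a saved ASA configuration into sets by map name and checks each entry for the components listed above (ACL, peer, interface binding, at most 11 transform sets or proposals). It assumes the usual `match address`, `set peer`, `set ikev1 transform-set`, `set ikev2 ipsec-proposal` and `interface` forms of the `crypto map` command, which the page does not show; every name and address in the sample is constructed.

```python
import re
from collections import defaultdict

# Constructed sample of ASA configuration lines (not taken from the page).
SAMPLE_CONFIG = """\
crypto map OUTSIDE_MAP 10 match address VPN_ACL_A
crypto map OUTSIDE_MAP 10 set peer 192.0.2.10
crypto map OUTSIDE_MAP 10 set ikev1 transform-set TS_AES256
crypto map OUTSIDE_MAP 20 match address VPN_ACL_B
crypto map OUTSIDE_MAP 20 set ikev2 ipsec-proposal PROP_A PROP_B
crypto map OUTSIDE_MAP interface outside
crypto map LAB_MAP 5 set peer 198.51.100.7
"""

ENTRY = re.compile(r"^crypto map (\S+) (\d+) (match address|set peer|"
                   r"set ikev1 transform-set|set ikev2 ipsec-proposal) (.+)$")
APPLIED = re.compile(r"^crypto map (\S+) interface (\S+)$")
MAX_PROPOSALS = 11  # limit stated in the text above
KINDS = ("set ikev1 transform-set", "set ikev2 ipsec-proposal")

def audit_crypto_maps(config):
    """Return {map_name: [findings]} for every crypto map set in config."""
    # map name -> sequence number -> subcommand -> list of arguments
    sets = defaultdict(lambda: defaultdict(lambda: defaultdict(list)))
    applied = set()
    for line in config.splitlines():
        line = line.strip()
        m = APPLIED.match(line)
        if m:
            applied.add(m.group(1))
        elif (m := ENTRY.match(line)):
            name, seq, key, value = m.groups()
            sets[name][int(seq)][key].extend(value.split())
    findings = {}
    for name, entries in sets.items():
        issues = []
        if name not in applied:
            issues.append("set is not applied to any interface")
        for seq in sorted(entries):
            e = entries[seq]
            if "match address" not in e:
                issues.append(f"seq {seq}: no ACL (match address)")
            if "set peer" not in e:
                issues.append(f"seq {seq}: no peer")
            for kind in KINDS:
                if len(e.get(kind, [])) > MAX_PROPOSALS:
                    issues.append(f"seq {seq}: more than {MAX_PROPOSALS} in '{kind}'")
            if not any(e.get(kind) for kind in KINDS):
                issues.append(f"seq {seq}: no transform set or proposal")
        findings[name] = issues
    return findings
```

Lines the two patterns do not match, such as dynamic crypto map references, are ignored rather than reported.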