When the CLI is used to configure an ISR for a site-to-site VPN connection, what is the purpose of the crypto map command in interface configuration mode?

When the CLI is used to configure an ISR for a site-to-site VPN connection, what is the purpose of the crypto map command in interface configuration mode?

  • to bind the interface to the ISAKMP policy
  • to configure the transform set
  • to force IKE Phase 1 negotiations to begin
  • to negotiate the SA policy
    Answers Explanation & Hints:

    The crypto map command, along with the name of the policy, is used to bind the interface to the ISAKMP policy created previously. A transform set is configured using the crypto ipsec transform-set command. Interesting traffic between peers forces IKE Phase 1 negotiations to begin. Peers negotiate the ISAKMP SA policy in step 2 of IPsec negotiations.

Leave a comment