When the CLI is used to configure an ISR for a site-to-site VPN connection, what is the purpose of the crypto map command in interface configuration mode?
- to bind the interface to the ISAKMP policy
- to configure the transform set
- to force IKE Phase 1 negotiations to begin
- to negotiate the SA policy
Answers Explanation & Hints:
The crypto map command, along with the name of the policy, is used to bind the interface to the ISAKMP policy created previously. A transform set is configured using the crypto ipsec transform-set command. Interesting traffic between peers forces IKE Phase 1 negotiations to begin. Peers negotiate the ISAKMP SA policy in step 2 of IPsec negotiations.