Crypto Map vs IPsec Profile - SIMOS Exam Topics

Crypto Map vs IPsec Profile


Get 30% off ITprotv.com with: You can use promo code: OSCAROGANDO2 Follow Me on Twitter: https://twitter.com/CCNADailyTIPS

Crypto Map

Crypto-map and crypto ipsec profile are one and the same, it is the legacy way (map) and new way (profile) of configuring IKE Phase2. In crypto-map you need to specify: how to protect traffic (transform-set); what to protect (ACL) and what is the remote VPN peer.

IPsec Profile

The same goes if you use ipsec profile, where you need to specify: how to protect traffic (transform-set); what to protect no longer requires an ACL, it’s just based on routing cause IPsec profile is always applied to a GRE/VTI interface, thus you have a logical interface associated with the IPsec tunnel; the remote VPN peer is no longer specified as it is one and the same as the GRE/VTI tunnel destination (it can be statically configured or dynamically learned).

Comments


Books
Nothing here yet!!