Create a Dynamic Crypto Map
When your VPN Clients connect to the Easy VPN Server, they will negotiate the parameters
of the IPSec session. Creating a dynamic crypto map enables you to define a crypto map that
does not have all of the parameters configured. It acts as a sort of policy template in which
NOTE For an IPSec-manual crypto map, you can specify only a single transform. When
using IPSec-ISAKMP or dynamic crypto map entries, however, you can specify up to six
transform sets.
Table 14-4 Encryption and Hash Algorithms
Keyword Algorithm
aes Advanced Encryption Standard
des Data Encryption Standard
3des Triple Data Encryption Standard
md5 MD5 message digest algorithm
sha SHA message digest algorithm
414 Chapter 14: Configuring Access VPNs
the missing parameters get configured to match the remote peer’s requirements (as part of the
IPSec negotiation). By using dynamic crypto maps, your Easy VPN Servers do not have to be
preconfigured for all of the requirements of your remote peers, thus making the configuration
process more flexible.