Crypto maps are the glue that binds all your previous configurations together, including the IKE parameters. With a crypto map configuration, you tell the router whether you will be using IKE to automatically set up the IPSec tunnel for you or you will be configuring the IPSec tunnel manually. A crypto map entry also identifies the crypto access list that will decide what traffic is protected. In addition to identifying what traffic is protected, the crypto map identifies which transform set will be used to protect the traffic. Crypto maps specify the remote IPSec peer and can be used to override the global IPSec SA lifetimes. |