Apply mode configuration to a dynamic crypto map using the
following steps in global configuration mode
:
Step 1 Configure the router to respond to mode configuration
requests.
Step 2 Enable IKE queries for group
policy lookup.
Step 3 Apply the dynamic crypto
map to the crypto map.
Step 1 Configure the Router to Respond
to Mode Configuration Requests
Configure the router to initiate or
reply to mode configuration requests with the crypto map
map-name client configuration command
. Note
that VPN Clients require the respond keyword to be used.
The initiate keyword was used with older VPN Clients and is
no longer used with the 3.x or higher version Cisco VPN Clients.
Step
2 Enable IKE Queries for Group Policy Lookup
Enable ISAKMP querying for
group policy when requested by the VPN Client with the crypto map
isakmp authorization list command
. AAA uses the
list-name argument to determine which method list is used
to find the policy, either local or RADIUS, as defined in the aaa
authorization network command.
Step 3 Apply the Dynamic Crypto Map to the Crypto Map
Apply the
dynamic crypto map to the crypto map using the crypto map
command in global configuration mode
.