Task 5– Create Dynamic Crypto Map
Create a
dynamic crypto map entry and enter the crypto map configuration mode using the
crypto dynamic-map command
.
A dynamic
crypto map entry is essentially a crypto map entry without all the parameters
configured. It acts as a policy template where the missing parameters are later
dynamically configured, as the result of an IPSec negotiation, to match the
requirements of a remote peer. This allows remote peers to exchange IPSec
traffic with the PIX Security Appliance even if the PIX does not have a crypto
map entry specifically configured to meet all of the requirements of the remote
peer.
Dynamic crypto maps are not used by the PIX Security Appliance to
initiate new IPSec security associations with remote peers. Dynamic crypto maps
are used when a remote peer tries to initiate an IPSec security association
with the PIX. Dynamic crypto maps are also used in evaluating traffic.
Task 6 – Assign the Dynamic Crypto Map to a Static Crypto Map
Add
the dynamic crypto map to a static crypto map
.
Task 7 – Apply the Crypto Map to an Interface
Apply the crypto
map to the outside interface of the PIX Security Appliance
.