IPSec - crypto-map vs transform-set
The crypto-map command is used to bind or tie together all the various IPSec configuration elements. This includes the transform-set, the ACL that identifies the traffic, and the peer at the other end of the IPSec tunnel.
A transform-set is a combination of security protocols and algorithms. When you define a transform-set, you are essentially defining the methods and protocols that IPSec should use to secure your data.
Both crypto-map and transform-set serve different purposes in the IPSec configuration process and cannot replace each other. The crypto-map command should be used when you are ready to tie together your IPSec configuration and apply it to an interface.
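An added Cisco IOS example (not from the linked forum thread) showing how the two fit together: the transform-set is defined on its own, then a crypto map entry references it together with the ACL and the peer, and only the crypto map is applied to the interface. The names TS-AES256-SHA256, VPN-TRAFFIC and CMAP, the interface, and all addresses are constructed for illustration; the IKE phase 1 policy and key are omitted.

```cisco
! Transform-set: only the protocols and algorithms used to protect the data
! (ESP with AES-256 encryption and SHA-256 HMAC integrity, tunnel mode).
crypto ipsec transform-set TS-AES256-SHA256 esp-aes 256 esp-sha256-hmac
 mode tunnel
!
! ACL that identifies the traffic to protect (constructed subnets).
ip access-list extended VPN-TRAFFIC
 permit ip 10.1.1.0 0.0.0.255 10.2.2.0 0.0.0.255
!
! Crypto map entry: binds the peer, the transform-set and the ACL together.
crypto map CMAP 10 ipsec-isakmp
 set peer 203.0.113.2
 set transform-set TS-AES256-SHA256
 match address VPN-TRAFFIC
!
! Nothing is protected until the crypto map is applied to an interface.
interface GigabitEthernet0/0
 crypto map CMAP
```

On the device, `show crypto ipsec transform-set` lists the defined algorithms and `show crypto map` shows which peer, ACL and transform-set each entry ties together, which is a quick way to confirm that a tunnel is not negotiating a weaker transform-set than intended.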
Links:
https://forum.networklessons.com/t/dmvpn-over-ipsec/1316/72?u=lagapidis