Folks, I was wondering, how does the tunnel decide which crypto isakmp policy to pickup? in other words, how do we marry ISAKMP profile with end points?
Let's say this is my scenario: R1----R2 | | R3 1. Both R2 and R3 connects to R1. 2. R2 want to pick policy with 3DES 3. R3 want to pick policy with DES Typically, all the example that I came across have the matching policy number in this scenario with ISAKMP policy. in this case R2 will be configured with "cry isakmp policy 100" and R3 will be configured "cry isakmp policy 200". Is that assumption correct? or there is a criteria re how does it pick up? On R1: ------- crypto isakmp policy 100 encr 3des <------------------ 3DES hash md5 authentication pre-share group 2 crypto isakmp policy 200 encr des <--------------------Just DES hash md5 authentication pre-share group 1 <---Group1 what is the tie breaker?
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
