Scott, Add the following to your ny-map:

crypto map ny-map 65535 ipsec-isakmp dynamic dynmap

That should get you what you want.

-ryan

-----Original Message-----
From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Scott Granados
Sent: Monday, August 17, 2009 6:31 PM
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] asa 5520, more than one crypto map?

Hi, I'm having an issue binding more than one map to the outside interface so I need someone to set me straight. :)

Background

I have an ASA 5520 that's providing access to a private network via the Cisco VPN client. I wish to establish a few LAN-to-LAN sessions to branch offices using the same concentrator.

Problem, when I apply one map to the outside interface the previously added map is removed.

For example, if I have the following in place.

crypto ipsec transform-set ny-trans esp-aes-192 esp-md5-hmac
crypto ipsec transform-set vpn-transform1 esp-aes-256 esp-sha-hmac
crypto dynamic-map dynmap 10 set transform-set vpn-transform1
crypto dynamic-map dynmap 10 set reverse-route
crypto map vpn-ra-map 10 ipsec-isakmp dynamic dynmap
crypto map vpn-ra-map interface outside

and then add the following

crypto map ny-map 10 match address ny-vpn-acl
crypto map ny-map 10 set peer ny-fw-outside
crypto map ny-map 10 set transform-set ny-trans
crypto map ny-map 10 set reverse-route
crypto map ny-map interface outside

I end up with the following in my startup and running configs

crypto dynamic-map dynmap 10 set transform-set vpn-transform1
crypto dynamic-map dynmap 10 set reverse-route
crypto map ny-map 10 match address ny-vpn-acl
crypto map ny-map 10 set peer ny-fw-outside
crypto map ny-map 10 set transform-set ny-trans
crypto map ny-map 10 set reverse-route
crypto map ny-map interface outside
crypto map vpn-ra-map 10 ipsec-isakmp dynamic dynmap
(no vpn-ra-map interface outside for clients)

So my client access breaks as soon as I add the second map for the NY LAN-to-LAN tunnel. What am I doing wrong? Is there a different way to add more than one map to an interface? Any pointers would be appreciated.

Thanks
Scott

_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
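
Added example, not part of the original thread and not Cisco tooling: a small Python check that reads the running config quoted above, reports which crypto map is actually bound to each interface, flags maps that still have entries but lost their interface binding, and proposes the merge line given in the reply. The function name audit_crypto_maps and the report layout are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# Running config exactly as quoted in the post after ny-map was applied.
RUNNING_CONFIG = """\
crypto dynamic-map dynmap 10 set transform-set vpn-transform1
crypto dynamic-map dynmap 10 set reverse-route
crypto map ny-map 10 match address ny-vpn-acl
crypto map ny-map 10 set peer ny-fw-outside
crypto map ny-map 10 set transform-set ny-trans
crypto map ny-map 10 set reverse-route
crypto map ny-map interface outside
crypto map vpn-ra-map 10 ipsec-isakmp dynamic dynmap
"""

BIND = re.compile(r"^crypto map (\S+) interface (\S+)$")
ENTRY = re.compile(r"^crypto map (\S+) (\d+) (.+)$")
DYNAMIC = re.compile(r"^ipsec-isakmp dynamic (\S+)$")


def audit_crypto_maps(config):
    """Hypothetical helper: find crypto maps left without an interface binding."""
    entries = defaultdict(dict)  # map name -> {sequence: dynamic-map name or None}
    bound = {}                   # interface -> the one map applied to it
    for raw in config.splitlines():
        line = raw.strip()
        if m := BIND.match(line):
            bound[m.group(2)] = m.group(1)
        elif m := ENTRY.match(line):
            name, seq = m.group(1), int(m.group(2))
            dyn = DYNAMIC.match(m.group(3))
            entries[name].setdefault(seq, None)
            if dyn:
                entries[name][seq] = dyn.group(1)
    active = set(bound.values())
    orphaned = sorted(name for name in entries if name not in active)
    fixes = []
    if len(active) == 1:  # only suggest a merge when the target map is unambiguous
        target = next(iter(active))
        for name in orphaned:
            for dyn in filter(None, entries[name].values()):
                # Sequence 65535 is the value used in the reply above.
                fixes.append(f"crypto map {target} 65535 ipsec-isakmp dynamic {dyn}")
    return {"bound": bound, "orphaned": orphaned, "fixes": fixes}


if __name__ == "__main__":
    report = audit_crypto_maps(RUNNING_CONFIG)
    print("bound:", report["bound"])
    print("orphaned maps:", report["orphaned"])
    print("suggested merge:", *report["fixes"], sep="\n  ")
```

Run against the quoted config, it reports ny-map bound to outside, vpn-ra-map orphaned, and the same merge line as the reply.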