crypto map not working

I just created a map between to routers, i added
crypto ipsec transform-set
crypto isakmp key
and last added the crypto map

when i do show crypto map session, nothing shows

do i have to clear the sa and iskmp?

will everyone get disconnect?

thanks.

 

:I just created a map between to routers, i added
:crypto ipsec transform-set
:crypto isakmp key
:and last added the crypto map

:when i do show crypto map session, nothing shows

:do i have to clear the sa and iskmp?

:will everyone get disconnect?

You aren't giving us much to go on. Is this a second (or additional)
crypto map? On the same interface? Or is it the first crypto map?


I don't know how it works in IOS, but in Cisco PIX when you
change the ACL that defines a crypto map policy, or when you add
new crypto map policies, then it is necessary to clear the ipsec SA's
in order to be -sure- that the new entries will take effect. If you
do not do the clear, then on the PIX sometimes the changes will take effect
and sometimes they won't, and sometimes they will give every
indication as if they had taken effect but they don't actually pass
traffic.

If you clear the ipsec SA's, then all IPSec users will have their
session disconnected... and promptly renegotiated the next time their
end sends traffic through. I don't know what happens if the session
had been given a dynamic VPN IP pool address... I've really only
worked with site-to-site VPNs, and those resume after the clear
as if nothing had happened.

 

I think you can try SDM interface of the routers. This web interface
eases the VPN setup. Then you can run the "debug crypto isakmp" to
check what's going on.

If SDM is already setup on your routers, then you can access it by
http://router-ip or https://router-ip


DT

 

SDM info :

http://www.cisco.com/en/US/products/sw/secursw/ps5318/prod_installation_guide09186a00803e4727.html

DT