On a Cisco IOS router, can I use the same transform set with multiple crypto maps?
I.e., is the configuration example below valid?
!
crypto isakmp policy 1
 encr aes 256
 authentication pre-share
 group 2
!
crypto isakmp key *** address 192.168.255.1
crypto isakmp key *** address 172.16.255.1
crypto isakmp key *** address 10.255.255.1
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-md5-hmac
!
!
crypto map CMAP100 1 ipsec-isakmp
 description *VPN WITH CLIENT 1*
 set peer 192.168.255.1
 set transform-set ESP-3DES-SHA
 match address 110
!
!
crypto map CMAP200 1 ipsec-isakmp
 description *VPN WITH CLIENT 2*
 set peer 172.16.255.1
 set transform-set ESP-3DES-SHA
 match address 120
!
crypto map CMAP200 2 ipsec-isakmp
 description *VPN WITH CLIENT 3*
 set peer 10.255.255.1
 set transform-set ESP-3DES-SHA
 match address 130
!
!
!
interface Fa0/0
 description *WAN1*
 ip address 10.0.0.1 255.255.255.0
 crypto map CMAP100
!
interface Fa0/1
 description *WAN2*
 ip address 10.1.0.1 255.255.255.0
 crypto map CMAP200
!
Best Answer
Yes, transform sets, like the ACLs used to select interesting traffic, can be reused in different crypto maps and in different crypto map entries of the same map.
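An added example, not part of the original question or answer: a small Python audit that cross-references each transform set with the crypto map entries that reuse it, reports references to sets that are never defined, and flags a set whose name advertises an algorithm its transforms do not contain (as ESP-3DES-SHA above does, since it is built from esp-md5-hmac). The function name `audit`, the report keys and the naming heuristic are assumptions of this example; the sample is condensed from the question's configuration.

```python
import re
from collections import defaultdict

# Constructed sample, condensed from the configuration in the question.
SAMPLE = """\
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-md5-hmac
!
crypto map CMAP100 1 ipsec-isakmp
 set peer 192.168.255.1
 set transform-set ESP-3DES-SHA
 match address 110
crypto map CMAP200 1 ipsec-isakmp
 set peer 172.16.255.1
 set transform-set ESP-3DES-SHA
 match address 120
crypto map CMAP200 2 ipsec-isakmp
 set peer 10.255.255.1
 set transform-set ESP-3DES-SHA
 match address 130
"""

def audit(config):
    """Cross-reference transform sets against the crypto map entries using them."""
    defined = {}               # transform-set name -> list of transforms
    users = defaultdict(list)  # transform-set name -> [(map name, sequence)]
    entry = None               # crypto map entry currently being parsed
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"crypto ipsec transform-set (\S+) (.+)", line):
            defined[m.group(1)], entry = m.group(2).split(), None
        elif m := re.match(r"crypto map (\S+) (\d+) ipsec-isakmp", line):
            entry = (m.group(1), int(m.group(2)))
        elif entry and (m := re.match(r"set transform-set (.+)", line)):
            for name in m.group(1).split():  # one entry may list several sets
                users[name].append(entry)
        elif line == "!" or line.startswith(("crypto ", "interface ")):
            entry = None       # left the crypto map entry
    undefined = sorted(n for n in users if n not in defined)
    # Heuristic (an assumption of this example): an algorithm token in the
    # set's name should also appear in one of its transforms.
    mislabeled = [(name, tok) for name, xf in defined.items()
                  for tok in re.split(r"[-_]", name.upper())
                  if tok in ("SHA", "MD5", "3DES", "AES")
                  and not any(tok.lower() in t for t in xf)]
    return {"users": dict(users), "undefined": undefined, "mislabeled": mislabeled}

if __name__ == "__main__":
    report = audit(SAMPLE)
    for name, entries in report["users"].items():
        print(name, "is used by", entries)
    print("undefined:", report["undefined"], "mislabeled:", report["mislabeled"])
```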