<div>
<div class="content wysiwyg-content">
I am setting up a site-to-site VPN between an ASA550 and a 1721 and have a question on the ASA config. I am configuring the crypto map below but don't understand the sequence numbers. I read the Cisco command reference explanation but it's still not clear to me. Should I configure as such:<br />
<br />
crypto map VPN_MAP 10 match address TRAFFIC_TO_REMOTE<br />
crypto map VPN_MAP 10 set peer 171.22.55.2<br />
crypto map VPN_MAP 10 set transform-set AES_SHA<br />
<br />
or like this:<br />
<br />
crypto map VPN_MAP 10 match address TRAFFIC_TO_REMOTE<br />
crypto map VPN_MAP 20 set peer 171.22.55.2<br />
crypto map VPN_MAP 30 set transform-set AES_SHA<br />
<br />
What's the difference?
</div>
</div>


I am setting up a site-to-site VPN between an ASA550 and a 1721 and have a question on the ASA config. I am configuring the crypto map below but don't understand the sequence numbers. I read the Cisco command reference explanation but it's still not clear to me. Should I configure as such:

crypto map VPN_MAP 10 match address TRAFFIC_TO_REMOTE
crypto map VPN_MAP 10 set peer 171.22.55.2
crypto map VPN_MAP 10 set transform-set AES_SHA

or like this:

crypto map VPN_MAP 10 match address TRAFFIC_TO_REMOTE
crypto map VPN_MAP 20 set peer 171.22.55.2
crypto map VPN_MAP 30 set transform-set AES_SHA

What's the difference?

ASA5505 Cryto Map sequence number explanation

Cisco PIX is a dedicated hardware firewall appliance; the Cisco Adaptive Security Appliance (ASA) is a firewall and anti-malware security appliance that provides unified threat management and protection the PIX does not. Other Cisco devices and systems include routers, switches, storage networking, wireless and the software and hardware for PIX Firewall Manager (PFM), PIX Device Manager (PDM) and Adaptive Security Device Manager (ASDM).

Cisco

Internet Protocol Security (IPsec) is a protocol suite for secure Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session. IPsec includes protocols for establishing mutual authentication between agents at the beginning of the session and negotiation of cryptographic keys to be used during the session. IPsec can be used in protecting data flows between a pair of hosts (host-to-host), between a pair of security gateways (network-to-network), or between a security gateway and a host (network-to-host). IPsec is an end-to-end security scheme operating in the Internet Layer of the Internet Protocol Suite.