In article , wrote: :I just created a map between to routers, i added :crypto ipsec transform-set :crypto isakmp key :and last added the crypto map
:when i do show crypto map session, nothing shows
:do i have to clear the sa and iskmp?
:will everyone get disconnect?
You aren't giving us much to go on. Is this a second (or additional) crypto map? On the same interface? Or is it the first crypto map?
I don't know how it works in IOS, but in Cisco PIX when you change the ACL that defines a crypto map policy, or when you add new crypto map policies, then it is necessary to clear the ipsec SA's in order to be -sure- that the new entries will take effect. If you do not do the clear, then on the PIX sometimes the changes will take effect and sometimes they won't, and sometimes they will give every indication as if they had taken effect but they don't actually pass traffic.
If you clear the ipsec SA's, then all IPSec users will have their session disconnected... and promptly renegotiated the next time their end sends traffic through. I don't know what happens if the session had been given a dynamic VPN IP pool address... I've really only worked with site-to-site VPNs, and those resume after the clear as if nothing had happened.