
Cisco IPsec tunnel without using a crypto map

If you need secure tunnels and want to keep the configuration minimal, there is a way to build a Cisco IPsec tunnel without defining a crypto map yourself.

Configuration example for one side (the other side gets a mirror-image configuration). First, the pre-shared key SECRETKEY for the remote peer:

crypto isakmp key SECRETKEY address 11.0.0.3 

Description of the transform set:

 crypto ipsec transform-set TS esp-3des esp-sha-hmac comp-lzs 

Creating a crypto profile:
 crypto ipsec profile A
  set transform-set TS

Interface settings:

 interface Tunnel0
  ip address 172.16.0.1 255.255.255.252
  tunnel source FastEthernet0/0
  tunnel destination 11.0.0.3
  tunnel mode ipsec ipv4
  tunnel protection ipsec profile A

Interface towards the provider:

 interface FastEthernet0/0
  ip address 10.0.0.1 255.0.0.0


Session check:

 R1#show crypto session
 Crypto session current status

 Interface: Tunnel0
 Session status: UP-ACTIVE
 Peer: 11.0.0.3 port 500
   IKE SA: local 10.0.0.1/500 remote 11.0.0.3/500 Active
   IPSEC FLOW: permit ip 0.0.0.0/0.0.0.0 0.0.0.0/0.0.0.0
         Active SAs: 4, origin: crypto map

It should be noted that a crypto map is still created, but this happens automatically and it takes up no space in the configuration:

 R1#show crypto map
 Crypto Map "Tunnel0-head-0" 65536 ipsec-isakmp
         Profile name: A
         Security association lifetime: 4608000 kilobytes/3600 seconds
         PFS (Y/N): N
         Transform sets={
                 TS:  { esp-3des esp-sha-hmac  } , { comp-lzs  } ,
         }

 Crypto Map "Tunnel0-head-0" 65537 ipsec-isakmp
         Map is a PROFILE INSTANCE.
         Peer = 11.0.0.3
         Extended IP access list
             access-list  permit ip any any
         Current peer: 11.0.0.3
         Security association lifetime: 4608000 kilobytes/3600 seconds
         PFS (Y/N): N
         Transform sets={
                 TS:  { esp-3des esp-sha-hmac  } , { comp-lzs  } ,
         }
         Always create SAs
         Interfaces using crypto map Tunnel0-head-0:
                 Tunnel0

Now all traffic that goes through the tunnel (the 172.16.0.0/30 link) is encrypted, while everything else leaving FastEthernet0/0 outside the tunnel is sent unencrypted.
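To make the session check above repeatable (for example from a monitoring job that collects `show crypto session` and `show crypto map` from the router), here is an added parser and audit written for this page; it is not code from the original post. It parses the two command outputs shown above (embedded below as constructed samples, re-wrapped one field per line), confirms that the session is UP-ACTIVE with the expected peer and active IKE/IPsec SAs, and reports two things visible in that output that a reviewer would want to see: PFS is off, and the transform set uses esp-3des. The LEGACY_TRANSFORMS set and the audit rules are my assumptions, not anything the article states.

```python
import re

# Assumption for this example: ESP transforms treated as legacy and worth flagging.
LEGACY_TRANSFORMS = {"esp-des", "esp-3des", "esp-md5-hmac", "esp-null"}

# Constructed sample: the article's "show crypto session" output, one field per line.
SAMPLE_SESSION = """\
Crypto session current status

Interface: Tunnel0
Session status: UP-ACTIVE
Peer: 11.0.0.3 port 500
  IKE SA: local 10.0.0.1/500 remote 11.0.0.3/500 Active
  IPSEC FLOW: permit ip 0.0.0.0/0.0.0.0 0.0.0.0/0.0.0.0
        Active SAs: 4, origin: crypto map
"""

# Constructed sample: the article's "show crypto map" output, re-wrapped.
SAMPLE_MAP = """\
Crypto Map "Tunnel0-head-0" 65536 ipsec-isakmp
        Profile name: A
        Security association lifetime: 4608000 kilobytes/3600 seconds
        PFS (Y/N): N
        Transform sets={
                TS:  { esp-3des esp-sha-hmac  } , { comp-lzs  } ,
        }
Crypto Map "Tunnel0-head-0" 65537 ipsec-isakmp
        Map is a PROFILE INSTANCE.
        Peer = 11.0.0.3
        Extended IP access list
            access-list  permit ip any any
        Current peer: 11.0.0.3
        Security association lifetime: 4608000 kilobytes/3600 seconds
        PFS (Y/N): N
        Transform sets={
                TS:  { esp-3des esp-sha-hmac  } , { comp-lzs  } ,
        }
        Always create SAs
        Interfaces using crypto map Tunnel0-head-0:
                Tunnel0
"""


def parse_crypto_session(text):
    """Return one dict per 'Interface:' block of 'show crypto session' output."""
    sessions, cur = [], None
    for line in (l.strip() for l in text.splitlines()):
        if m := re.match(r"Interface:\s+(\S+)", line):
            cur = {"interface": m.group(1), "status": None, "peer": None, "ike_sas": [], "flows": []}
            sessions.append(cur)
        elif cur is None:
            continue
        elif m := re.match(r"Session status:\s+(\S+)", line):
            cur["status"] = m.group(1)
        elif m := re.match(r"Peer:\s+(\S+)\s+port\s+(\d+)", line):
            cur["peer"] = (m.group(1), int(m.group(2)))
        elif m := re.match(r"IKE SA:\s+local\s+(\S+)\s+remote\s+(\S+)\s+(\S+)", line):
            cur["ike_sas"].append({"local": m.group(1), "remote": m.group(2), "state": m.group(3)})
        elif m := re.match(r"IPSEC FLOW:\s+(.*)", line):
            cur["flows"].append({"selector": m.group(1), "active_sas": 0, "origin": None})
        elif (m := re.match(r"Active SAs:\s+(\d+),\s+origin:\s+(.*)", line)) and cur["flows"]:
            cur["flows"][-1].update(active_sas=int(m.group(1)), origin=m.group(2))
    return sessions


def parse_crypto_map(text):
    """Return one dict per 'Crypto Map' entry with PFS flag, SA lifetime and transform sets."""
    entries, cur = [], None
    for line in (l.strip() for l in text.splitlines()):
        if m := re.match(r'Crypto Map "([^"]+)"\s+(\d+)\s+(\S+)', line):
            cur = {"name": m.group(1), "seq": int(m.group(2)), "type": m.group(3),
                   "pfs": None, "lifetime": None, "transform_sets": {}}
            entries.append(cur)
        elif cur is None:
            continue
        elif m := re.match(r"PFS \(Y/N\):\s+([YN])", line):
            cur["pfs"] = m.group(1) == "Y"
        elif m := re.match(r"Security association lifetime:\s+(\d+) kilobytes/(\d+) seconds", line):
            cur["lifetime"] = (int(m.group(1)), int(m.group(2)))
        elif m := re.match(r"(\S+):\s+(\{.*\})", line):
            # A transform-set line, e.g. "TS:  { esp-3des esp-sha-hmac  } , { comp-lzs  } ,"
            algs = [a for grp in re.findall(r"\{([^}]*)\}", m.group(2)) for a in grp.split()]
            cur["transform_sets"][m.group(1)] = algs
    return entries


def audit_session(session, expected_peer):
    """Return a list of problems; an empty list means the tunnel session looks healthy."""
    name, problems = session["interface"], []
    if session["status"] != "UP-ACTIVE":
        problems.append(name + ": session status is " + str(session["status"]) + ", not UP-ACTIVE")
    if session["peer"] is None or session["peer"][0] != expected_peer:
        problems.append(name + ": peer " + str(session["peer"]) + " is not the expected " + expected_peer)
    if not any(sa["state"] == "Active" for sa in session["ike_sas"]):
        problems.append(name + ": no active IKE SA")
    if not any(flow["active_sas"] > 0 for flow in session["flows"]):
        problems.append(name + ": no active IPsec SAs")
    return problems


def audit_map(entry, require_pfs=True):
    """Return findings about a crypto-map entry: PFS disabled, legacy transforms in use."""
    tag, problems = entry["name"] + " seq " + str(entry["seq"]), []
    if require_pfs and not entry["pfs"]:
        problems.append(tag + ": PFS is off")
    for ts_name, algs in entry["transform_sets"].items():
        weak = sorted(set(algs) & LEGACY_TRANSFORMS)
        if weak:
            problems.append(tag + ": transform set " + ts_name + " uses legacy " + ", ".join(weak))
    return problems


if __name__ == "__main__":
    for s in parse_crypto_session(SAMPLE_SESSION):
        print(audit_session(s, "11.0.0.3") or ["session OK: " + s["interface"]])
    for e in parse_crypto_map(SAMPLE_MAP):
        print(audit_map(e))
```

Run against live output by replacing the two sample strings with whatever your collector returns; the parsers key only on the field names shown in the article's output, so any additional tunnel interfaces or crypto-map entries simply produce more dicts.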

Thank you all for your attention, waiting for comments.

Source: https://habr.com/ru/post/270841/
