The basic IPSec VPN building blocks define how to secure packets, as follows:

ISAKMP policies Define parameters for IKE phase 1 negotiation

Transform-sets Define parameters for IKE phase 2 negotiation

Once the building blocks are defined, IPSec VPN is implemented using a crypto list. The crypto list defines, for the interface to which it applies, which packets should be secured and how, as follows:

Each rule in the crypto list points to a crypto-map. A crypto-map points to a transform-set, and to a peer or peer-group. The peer or peer-group, in turn, point to an ISAKMP policy.