04-25-2013 12:15 AM - edited 03-11-2019 06:34 PM
Hi !
Can somebody tell me why I cannot have a Site-to-Site VPN with a Remote Access VPN simultaneously connected or working ??? is in
2 ASAs 5520 8.4(2)
Is it necessary any command or instruction that I don't know yet, because I am a little novice.
Thanks in advance,
Hola!
Podria alguien decirme porque no puedo tener funcionando simultaneamente una vpn site-to-site y una de acceso remoto. Cuando me trato de conectarme con la de acceso remoto no lo hace porque ya esta activa la site-to-site. pero si quito la site-to-site me conecto bien con la de acceso remoto.
Habia olvidado decirles que es con 2 ASAs 5520 8.4(2)
Gracias de antemano
Solved! Go to Solution.
04-28-2013 04:43 PM
Hi Miguel Angel,
Problem is that you can only have one crypto map per interface ( you can dinamically attach a dynamic crypto map to a static crypto map )
The thing here is that you are mapping it incorrectly
crypto map Alcala_map interface Outside ( The static one you are using)
crypto dynamic-map dyn_map 65535 set ikev1 transform-set set1 ( The dynamic crypto map for the remote-access VPN sessions )
crypto map outside_map 65535 ipsec-isakmp dynamic dyn_map ( The error is here, you are not using the crypto map outside_map anywhere on the config )
Do this
no crypto map outside_map 65535 ipsec-isakmp dynamic dyn_map
crypto map Alcala_map 65535 ipsec-isakmp dynamic dyn_map
And that should do it my friend... Do not forget to give me some kudos ( Rate the post as that is even more important that a thanks for the community )
Regards,
Julio Carvajal
04-25-2013 09:42 PM
Hello/Hola Miguel,
Both of them should work,
Post the configurations, The tunnel groups you are using to connect,
Regards,
Julio Carvajal
04-26-2013 12:27 AM
04-26-2013 09:40 AM
Hello,
Where is the remote access and VPN l2l tunnel not working?? On both sides??
04-27-2013 12:29 AM
HI Julio,
The L2L tunnel is working but Remote access is not.
I first configured the remote access VPN tunnel and was working fine until I configured the L2L tunnel, after I made this configuration of the l2l tunnel the remote access doesn't connect anymore but the L2L tunnel is working fine.
thanks
04-28-2013 04:43 PM
Hi Miguel Angel,
Problem is that you can only have one crypto map per interface ( you can dinamically attach a dynamic crypto map to a static crypto map )
The thing here is that you are mapping it incorrectly
crypto map Alcala_map interface Outside ( The static one you are using)
crypto dynamic-map dyn_map 65535 set ikev1 transform-set set1 ( The dynamic crypto map for the remote-access VPN sessions )
crypto map outside_map 65535 ipsec-isakmp dynamic dyn_map ( The error is here, you are not using the crypto map outside_map anywhere on the config )
Do this
no crypto map outside_map 65535 ipsec-isakmp dynamic dyn_map
crypto map Alcala_map 65535 ipsec-isakmp dynamic dyn_map
And that should do it my friend... Do not forget to give me some kudos ( Rate the post as that is even more important that a thanks for the community )
Regards,
Julio Carvajal
04-29-2013 01:52 AM
Hi Julio!!!
Hey man! You are my man! You're so big! You're the boss, my respect to you!
Thank you so so so much my friend !!!
It's done!!!
How can I give you "Kudos" and how many is the limit I can give ??
04-29-2013 09:52 AM
Hello Miguel,
Hey my pleasure to help
To provide Kudos just go to any of my answers on any post and hit the 5 stars at the left ( 5 being great 1 being bad ) and you can give as many as you want,
Glad to know that I could help ( Let me know if you still have some issues with the Kudos stuff )
Regards
05-04-2013 01:11 AM
Hi Julio!
It's me again
Everything is Ok but I realized that when I connect for the first time to remote access VPN with the Cisco VPN Client to the second branch (Alcala) the connection is refused and I have to disconnect the Cisco VPN Client and connect it again in order to work properly the VPN, but this only happens the first time and only in this site or branch, in the main site it doesn't.
I have been looking at the configuration file but it is everything like the main one, so I don't know where's the problem.
I let you here the ASA conf files again to see if you can help me again, because the users have the impression that the VPN is not secure and fails.
The problem is with the ASA2
Thank you in advance my friend.
05-04-2013 01:21 AM
Hi Julio!
It's me again
Everything is Ok but I realized that when I connect for the first time to remote access VPN with the Cisco VPN Client to the second branch (Alcala) the connection is refused and I have to disconnect the Cisco VPN Client and connect it again in order to work properly the VPN, but this only happens the first time and only in this site or branch, in the main site it doesn't.
I have been looking at the configuration file but it is everything like the main one, so I don't know where's the problem.
I let you here the ASA conf files again to see if you can help me again, because the users have the impression that the VPN is not secure and fails.
The problem is with the ASA2
Thank you in advance my friend.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: