03-17-2020 10:27 AM
Hello,
I would like to know if it is possible to configure VPN remote access on both sites of a IPSec tunnel ?
Currently 2 sites are connected via L2L Ipsec tunnel. Teh tunnnel is restriceted to the use of 2 backup syustèmes on each side. Due to the recent situation, we need to cofnigure remote access on both sites. Both sites are dedicated to separate (but nontheless sister) companies and DSL lines on both sites are rather weak. 2 reason why I cannot expand the use of the L2L tunnel.
I'm using configurations similar to https://www.cisco.com/c/en/us/support/docs/security-vpn/ipsec-negotiation-ike-protocols/46242-lan-to-lan-vpn-client.html on each cisco 867VAE routers but I can only get the remote access OR the L2L to "work". Do you have any idea to have this problem solved ?
Thank you.
Solved! Go to Solution.
03-19-2020 06:51 AM
I actually I managed to solve this problème with an IPSec VPN remote access on router B.
If someone else has the issue, please make sure that the crypto dynmaps priority are higher than the static crypto maps. That should do the trick.
Thanks to the people who have answered this thread.
03-17-2020 10:31 AM
Hi,
Yes this is possible. You can use FlexVPN which supports Site-to-Site and Remote Access VPN on the same cisco router.
Example of Remote Access VPN here.
HTH
03-19-2020 01:39 AM - edited 03-19-2020 01:46 AM
Thank you RJI.
I'll have a look at the flexVPN solution you've linked. But I was wondering : doesn't Anyconnect request licences now (for more than 2 users)?
Here is what I'm trying to achieve :
(VPN remote clients)------[router A]=====L2L Ipsec Tunnel=====[Routeur B]-------(VPN Remote clients)
Actually I already have 1 IPSec VPN Remote access currently working on router A. But when I try to configure another IPSec remote access on router B, I loose L2L access...
03-19-2020 06:51 AM
I actually I managed to solve this problème with an IPSec VPN remote access on router B.
If someone else has the issue, please make sure that the crypto dynmaps priority are higher than the static crypto maps. That should do the trick.
Thanks to the people who have answered this thread.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide