08-23-2019 10:50 AM
i want to present a case as soon as I add another connection vpn my doubt is if I have to apply the crypto map on the same interface or what should be done I want to clarify that I already have connection with one of the vpn in operation but when adding the other it generates this error
ciscuso(config)#interface gigabitEthernet 0/0/0
ciscuso(config-if)#crypto map MAP
ciscuso(config-if)
the gigabitEthernet 0/0/0 interface has the crypto map CMAP works correctly but when configuring crypto map MAP on the same interface the good one stops working
crypto isakmp policy 1
encr 3des
hash md5
authentication pre-share
group 2
!
crypto isakmp policy 2
encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp key XXX address 181.52.XX.XX
crypto isakmp key XXX address 181.62.XX.XX
!
crypto ipsec security-association lifetime seconds 86400
!
crypto ipsec transform-set TS-VPN esp-3des esp-md5-hmac
mode tunnel
crypto ipsec transform-set TS esp-3des esp-md5-hmac
mode tunnel
!
!
!
crypto map CMAP 10 ipsec-isakmp
set peer 181.52.XX.XX
set security-association lifetime seconds 86400
set transform-set TS-VPN
set pfs group2
match address VPN
crypto map CMAP 11 ipsec-isakmp
set peer 181.62.XX.XX
set security-association lifetime seconds 86400
set transform-set TS
set pfs group2
match address PAL
!
!
interface GigabitEthernet0/0/0
description WAN
ip address 181.143.XX.XX 255.255.255.XX
ip nat outside
negotiation auto
crypto map CMAP
!
interface GigabitEthernet0/0/1
description LAN-13
ip address 192.168.XX.XX 255.255.255.0
ip nat inside
negotiation auto
!
!
ip nat inside source list 113 interface GigabitEthernet0/0/0 overload
ip nat inside source list 114 interface GigabitEthernet0/0/0 overload
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip route 0.0.0.0 0.0.0.0 181.143.XX.XX
ip ssh time-out 30
ip ssh version 2
!
!
ip access-list extended PAL
permit ip 192.168.13.0 0.0.0.255 192.168.6.0 0.0.0.255
ip access-list extended VPN
permit ip 192.168.13.0 0.0.0.255 192.168.5.0 0.0.0.255
!
access-list 113 deny ip 192.168.13.0 0.0.0.255 192.168.5.0 0.0.0.255
access-list 114 deny ip 192.168.13.0 0.0.0.255 192.168.6.0 0.0.0.255
access-list 113 permit ip 192.168.13.0 0.0.0.255
access-list 114 permit ip 192.168.13.0 0.0.0.255
Solved! Go to Solution.
08-23-2019 08:02 PM
08-23-2019 01:03 PM
as per your crypto config it was CMAP, but under iterface you using MAP.
make necessary changes and test.
below thread will give information to solve your case.
08-23-2019 05:24 PM
08-23-2019 08:02 PM
08-24-2019 01:41 AM
Glad it was working as expected, if this resolve mark as solution, so it will be usefull for community members.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: