Hi all
I have an ASA 5505 with OS 9.1(7)
Currently I have the following VPNs configured.
- EasyVPN (Site2Site VPN).
- SSL WebVPN (AnyConnect)
- Cisco VPN (old Cisco VPN Client)
All is working fine. Now the customer needs to have an L2TP/IPsec VPN as well (replacing the old Cisco VPN).
I tried this config:
ip local pool l2tp-clientpool x.x.x.x mask 255.255.255.0
access-list split_tunnel extended permit ip object OBJ1 object VPNClient_Subnet
access-list split_tunnel extended permit ip object OBJ2 object VPNClient_Subnet
access-list split_tunnel extended permit ip object-group EZVPN_subnets object VPNClient_Subnet
crypto ipsec ikev1 transform-set vpn-client esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set vpn-l2tp-client esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set vpn-l2tp-client mode transport
crypto ipsec security-association pmtu-aging infinite
crypto dynamic-map vpn-client 10 set ikev1 transform-set vpn-client
crypto dynamic-map vpn-client 10 set security-association lifetime seconds 28800
crypto dynamic-map vpn-client 10 set security-association lifetime kilobytes 4608000
crypto dynamic-map vpn-client 10 set reverse-route
crypto map peerX 80 ipsec-isakmp dynamic vpn-l2tp-client
crypto map peerX 100 ipsec-isakmp dynamic vpn-client
crypto map peerX interface outside
group-policy vpn_bwo_l2tp internal
group-policy vpn_bwo_l2tp attributes
 dns-server value x.x.x.x
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value split_tunnel
 intercept-dhcp enable
username vpnuser password xxx nt-encrypted
tunnel-group DefaultRAGroup general-attributes
 address-pool l2tp-clientpool
 default-group-policy vpn_bwo_l2tp
tunnel-group DefaultRAGroup ipsec-attributes
 ikev1 pre-shared-key xxx
tunnel-group DefaultRAGroup ppp-attributes
 authentication pap
 authentication ms-chap-v2
With this, the L2TP/IPsec VPN works fine. I can connect with Mac and Windows as well as with mobile devices. But the EasyVPN and the Cisco VPN are not working any more.
If I switch:
crypto map peerX 100 ipsec-isakmp dynamic vpn-client
crypto map peerX 110 ipsec-isakmp dynamic vpn-l2tp-client
crypto map peerX interface outside
The L2TP/IPsec VPN is not working but EasyVPN and Cisco VPN are working.
Is there a way to configure L2TP/IPsec VPN along with EasyVPN? I can drop the Cisco VPN, if needed. But EasyVPN I need to have.
Thanks for any hint.
Best Regards, Daniel