07-16-2013 04:26 AM
Dear All,
I would like to know if two different dynamic VPNs can work on a single ASA. For example, I am trying to test L2TP/IPSec while remote access IPSec VPN is already working on that ASA. What is happening is that phase a for L2TP/IPSec fails unless I put a lower sequence number in the dynamic crypto map for the transform-set of the L2TP VPN, but in that case the remote access IPSec VPN breaks.
Thanks & Regards,
Mujeeb
07-16-2013 04:57 AM
Why don't you put all your transform sets in the one crypto-map entry?
For example, that's how it looks on our ASA:
crypto dynamic-map outside_dyn_map 1 set ikev1 transform-set ESP-AES128-SHA ESP-3DES-SHA ESP-DES-SHA ESP-DES-MD5 TRANSPOT-FOR-L2TP-1 TRANSPOT-FOR-L2TP-2
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set TRANSPOT-FOR-L2TP-1 esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set TRANSPOT-FOR-L2TP-1 mode transport
crypto ipsec ikev1 transform-set TRANSPOT-FOR-L2TP-2 esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set TRANSPOT-FOR-L2TP-2 mode transport
crypto ipsec ikev2 ipsec-proposal DES
protocol esp encryption des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal 3DES
protocol esp encryption 3des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES
protocol esp encryption aes
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES192
protocol esp encryption aes-192
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES256
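Added example, not part of the thread and not any poster's code: a small Python check that parses ASA IKEv1 crypto lines and reports which IPsec mode (tunnel for remote access, transport for L2TP/IPSec) is missing from the lowest-sequence entry of each dynamic map. It assumes, as the question describes, that the lowest-numbered entry is the one clients end up negotiating against; the transform-set names and sample configs are constructed.

```python
import re
from collections import defaultdict

# Constructed transform sets (hypothetical names): one tunnel, one transport.
SETS = """\
crypto ipsec ikev1 transform-set RA-TUNNEL esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set L2TP-TRANSPORT esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set L2TP-TRANSPORT mode transport
"""
# Constructed: the question's layout, one VPN type per sequence number.
SPLIT = SETS + """\
crypto dynamic-map outside_dyn_map 10 set ikev1 transform-set RA-TUNNEL
crypto dynamic-map outside_dyn_map 20 set ikev1 transform-set L2TP-TRANSPORT
"""
# Constructed: the reply's layout, every transform set in one entry.
MERGED = SETS + """\
crypto dynamic-map outside_dyn_map 1 set ikev1 transform-set RA-TUNNEL L2TP-TRANSPORT
"""

TS_MODE = re.compile(r"crypto ipsec ikev1 transform-set (\S+) mode (transport|tunnel)$")
TS_DEF = re.compile(r"crypto ipsec ikev1 transform-set (\S+) esp-")
DYN = re.compile(r"crypto dynamic-map (\S+) (\d+) set ikev1 transform-set (.+)$")

def modes_by_entry(config):
    """Return {(map_name, seq): set of modes offered by that entry}."""
    mode, entries = {}, defaultdict(list)
    for line in map(str.strip, config.splitlines()):
        if m := TS_MODE.match(line):
            mode[m.group(1)] = m.group(2)
        elif m := TS_DEF.match(line):
            mode.setdefault(m.group(1), "tunnel")  # tunnel is the default mode
        elif m := DYN.match(line):
            entries[(m.group(1), int(m.group(2)))] += m.group(3).split()
    # Resolve names after the loop so definitions may follow the map lines.
    return {k: {mode.get(n, "undefined") for n in names}
            for k, names in entries.items()}

def first_entry_gaps(config):
    """Return {map_name: (lowest_seq, [missing modes])} for incomplete maps."""
    by_entry, gaps = modes_by_entry(config), {}
    for name in {k[0] for k in by_entry}:
        seq = min(s for n, s in by_entry if n == name)
        missing = {"tunnel", "transport"} - by_entry[(name, seq)]
        if missing:
            gaps[name] = (seq, sorted(missing))
    return gaps

if __name__ == "__main__":
    print("split :", first_entry_gaps(SPLIT))
    print("merged:", first_entry_gaps(MERGED))
```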
07-16-2013 04:29 AM
Typo
***** Phase 1 for L2TP/IPSec *******
07-16-2013 01:08 PM
Hi Mujeeb,
Can you share your configuration for crypto?
Also, it will be useful to have outputs, when you are trying to connect, from:
# deb cry isa 140
# de cry ips 140
Thank you