2 Dynamic VPNs

rmujeeb81
Level 1

Dear All,

I would like to know if two different dynamic VPNs can work on a single ASA? For example, I am trying to test L2TP/IPSec while a remote access IPSec VPN is already working on that ASA. What happens is that phase a for L2TP/IPSec fails unless I put a lower sequence number in the dynamic crypto map for the transform-set of the L2TP VPN, but in that case the remote access IPSec VPN breaks.

Thanks & Regards,

Mujeeb

Accepted Solution

Why don't you put all your transform sets in one crypto-map entry?

For example, that's how it looks on our ASA:

crypto dynamic-map outside_dyn_map 1 set ikev1 transform-set ESP-AES128-SHA ESP-3DES-SHA ESP-DES-SHA ESP-DES-MD5 TRANSPOT-FOR-L2TP-1 TRANSPOT-FOR-L2TP-2

crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-md5-hmac

crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac

crypto ipsec ikev1 transform-set ESP-AES128-SHA esp-aes esp-sha-hmac

crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-des esp-sha-hmac

crypto ipsec ikev1 transform-set TRANSPOT-FOR-L2TP-1 esp-3des esp-sha-hmac

crypto ipsec ikev1 transform-set TRANSPOT-FOR-L2TP-1 mode transport

crypto ipsec ikev1 transform-set TRANSPOT-FOR-L2TP-2 esp-aes esp-sha-hmac

crypto ipsec ikev1 transform-set TRANSPOT-FOR-L2TP-2 mode transport

crypto ipsec ikev2 ipsec-proposal DES

protocol esp encryption des

protocol esp integrity sha-1 md5

crypto ipsec ikev2 ipsec-proposal 3DES

protocol esp encryption 3des

protocol esp integrity sha-1 md5

crypto ipsec ikev2 ipsec-proposal AES

protocol esp encryption aes

protocol esp integrity sha-1 md5

crypto ipsec ikev2 ipsec-proposal AES192

protocol esp encryption aes-192

protocol esp integrity sha-1 md5

crypto ipsec ikev2 ipsec-proposal AES256

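An added example, not part of the original posts and not Cisco tooling: a Python audit of the IKEv1 lines posted in the answer above. Per dynamic-map entry it reports whether both tunnel-mode and transport-mode transform sets are offered (remote access IPsec uses the former, L2TP/IPsec the latter), which sets use DES or MD5, and which set names disagree with their contents. The weak-algorithm list and the name-token heuristic are assumptions of this example.

```python
import re

# IKEv1 lines copied from the answer above, exactly as posted.
POSTED = """\
crypto dynamic-map outside_dyn_map 1 set ikev1 transform-set ESP-AES128-SHA ESP-3DES-SHA ESP-DES-SHA ESP-DES-MD5 TRANSPOT-FOR-L2TP-1 TRANSPOT-FOR-L2TP-2
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set TRANSPOT-FOR-L2TP-1 esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set TRANSPOT-FOR-L2TP-1 mode transport
crypto ipsec ikev1 transform-set TRANSPOT-FOR-L2TP-2 esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set TRANSPOT-FOR-L2TP-2 mode transport
"""
WEAK = {"esp-des", "esp-md5-hmac"}  # policy assumed by this example
# Heuristic (assumed naming scheme): what a token in a set's name implies.
HINTS = {"DES": "esp-des", "3DES": "esp-3des", "AES128": "esp-aes",
         "SHA": "esp-sha-hmac", "MD5": "esp-md5-hmac"}
SET_RE = re.compile(r"^crypto ipsec ikev1 transform-set (\S+) (.+)$")
MAP_RE = re.compile(r"^crypto dynamic-map (\S+) (\d+) set ikev1 transform-set (.+)$")

def parse(config):
    """Return (transform sets, dynamic-map entries) found in the config text."""
    sets, entries = {}, {}
    for line in map(str.strip, config.splitlines()):
        if m := SET_RE.match(line):
            ts = sets.setdefault(m[1], {"algs": [], "mode": "tunnel"})  # tunnel is the default
            words = m[2].split()
            if words[0] == "mode":
                ts["mode"] = words[1]
            else:
                ts["algs"] = words
        elif m := MAP_RE.match(line):
            entries[(m[1], int(m[2]))] = m[3].split()
    return sets, entries

def audit(config):
    """Per dynamic-map entry: modes offered, weak sets, misleading set names."""
    sets, entries = parse(config)
    report = {}
    for key, names in sorted(entries.items()):
        known = [n for n in names if n in sets]  # skip sets never defined
        report[key] = {
            "modes": sorted({sets[n]["mode"] for n in known}),
            "weak": [n for n in known if WEAK & set(sets[n]["algs"])],
            "misnamed": [n for n in known if any(
                HINTS[t] not in sets[n]["algs"]
                for t in n.split("-") if t in HINTS)],
        }
    return report
```

Calling `audit(POSTED)` shows entry 1 offering both modes, and also that `ESP-3DES-SHA` and `ESP-DES-SHA` do not contain what their names say, so a peer that selects them negotiates single DES or MD5.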


rmujeeb81
Level 1

Typo

***** Phase 1 for L2TP/IPSec *******

Artem Tkachov
Level 1

Hi Mujeeb,

Can you share your configuration for crypto?

Also, it will be useful to have the outputs, when you are trying to connect, from:

# deb cry isa 140

# de cry ips 140

Thank you