Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
759
Views
0
Helpful
4
Replies

2 ipsec VPNs on one interface

lmutsa1988
Level 1
Level 1

‎05-15-2013 09:26 AM - edited ‎02-21-2020 06:54 PM

Hi guys,

Im having an issue with my VPN. I have configured 2 VPNs on my firewall. Site to site and Remote Access.

Problem is I only have 1 outside interface. If I assign the remote access crypro map to Outside interface, the site to site VPN stops working. And I want both VPNs to be working at the same time.

How do I solve this issue.

Thanks in advance.

Labels:
0 Helpful
4 Replies 4

Richard Burts
Hall of Fame
Hall of Fame

‎05-15-2013 12:12 PM

You solve that by having multiple instances in a single crypto map. As you have discovered trying to do two maps does not work. The interface can have only a single crypto map at a time. So you need one crypto map that has logic for your site to site and logic for your remote access vpn.

HTH

Rick

HTH

Rick
0 Helpful

lmutsa1988
Level 1
Level 1
In response to Richard Burts

‎05-16-2013 02:08 AM

Hi Rick,

I have tried your suggestion using the following link but still its not working:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807f9a89.shtml

When i try to connect using vpn client i get this error message:

Secure VPN Connection terminated locally by the Client. Reason 412: The remote peer is no longer responding.

Can you please help on how i get about this.

Thanks,

0 Helpful

gregs-kennedy
Level 1
Level 1
In response to lmutsa1988

‎05-16-2013 06:34 AM

I think he means something like this. Note how the ID number increments for each crypto map line:

crypto map TO_CARRIERS 33 ipsec-isakmp

set peer 1.1.1.1

set transform-set TO_ALL

match address TO_FROM_ATT

crypto map TO_CARRIERS 44 ipsec-isakmp

set peer 2.2.2.2

set transform-set TO_ALL

match address TO_FROM_SPRINT

crypto map TO_CARRIERS 55 ipsec-isakmp

set peer 3.3.3.3

set peer 4.4.4.4

set transform-set TO_VERIZON

match address TO_FROM_VERIZON

0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to gregs-kennedy

‎05-16-2013 09:15 AM

Gregg has posted something pretty close to what I was suggesting, and exactly right in terms of the sequence number increasing to define multiple instances.

What the original poster is trying to do is to combine Remote Access and Site to Site VPN (if I understand the requirement correctly) and Gregg has given us multiple site to site.

The article in the link is pretty good. If the original poster will post the configuration perhaps we can find the issue.

HTH

Rick

HTH

Rick
0 Helpful
Customers Also Viewed These Support Documents