02-01-2006 04:12 AM - edited 02-21-2020 02:13 PM
Hi,
This is the case:
We have a remote site which needs to be connected to our office, and at the same time be connected to a third party, both using VPN.
The connection to our office is done by EasyVPN and the one to the third party is done by using a crypto-map (ISKMP tunnel). According to the documentation, this should be possible:
:BeginQuote:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123newft/123t/123t_7/ftezvpnr.htm
Easy VPN Remote and Site to Site on the same Interface
This feature allows the Easy VPN remote and site to site (crypto map) to be supported on the same interface, making it possible to both establish a tunnel to another Easy VPN server and have another site to site on the same interface simultaneously. A typical application would be a third-party VPN service provider that is managing a remote router via the site-to-site tunnel and using Easy VPN Remote to connect the remote site to a corporate Easy VPN server.
For more information about the Easy VPN Remote and Site to Site on the Same Interface feature, see "Easy VPN Remote and Site to Site on the Same Interface" in the section " Additional References
:End Quote:
I'm basically just interested in the document that's being referred to, it's exactly our case...
Have anyone done this, or have ideas of how it should be done ?
Txs, in advance.
--
Dick Svensson
02-01-2006 09:15 PM
I wrote a sample config for this a while back that has yet to be published to CCO. I'll email the html page straight to the email address in your CCO profile, let me know if the email address is invalid or you want me to end it somewhere else.
02-02-2006 12:08 AM
I have recived your email, and will start to look at the example. I will get back to this thread and post a followup to inform others how it's progressing.
/Best regards
--
Dick Svensson
02-10-2006 12:58 PM
I too am have a similar circumstance. I have a PIX 501 and a PIX 506E in a site to site with VPN Dialer acces to the 506E. I would like to see how you have configured it, My Site to Site keeps getting dropped and I have to restart the 501 and magicly is it back up for about an hour, then gets dropped. I am starting to lean towards faulty equipment.
02-12-2006 11:38 PM
I really don't see the simularity in our cases, but if you say so it's probably true. I don't use a Virtual Dailer interface, and I don't get up my tunnels at the same time. But please enlighten me about your problem, and maybe we can take down this bull togheter.
/Regards
Dick Svensson
05-10-2007 04:15 AM
PIX 6.2(2) with site - to site vpn and new Easy VPN-remote to another PIX acting as Easy VPN Server. Does that work? Your example above says it is working for IOS.
Pix says that only crypto map or easy vpn remote can be active, not both.
Many Thanks
regards
Peter
05-17-2007 10:57 AM
I have the same problem with the site-to-site and easy vpn remote on the same interface.
Can you help me please?,
Thanks in advance
07-21-2017 02:12 AM
Hi,
Today, after 11 years I've come with the same problem. Can you pls share the sample config?
07-21-2017 10:37 PM
Boy, had to scan the archives to find this. I don't even know how valid this is any more really, as the IOS config has moved on quite significantly from there, but I've attached the HTML file I made up years ago and a small picture to go along with it.
Note the .txt file will need to be renamed to .html, then you sould just be able to browse to it directly. This system wouldn't let me upload a .html file.
Have fun.
07-23-2017 03:15 AM
Thank you SIR, for you prompt response. My case is Router B, however, my P2P VPN is working normally, when I add ezvpn conf, EZVPN starts working normally but P2P VPN shows the state as CONF_XAUTH.
However, I've found the solution which need to be tested.
"Use the no-xauth keyword when you enter the isakmp key, so the device does not prompt the peer for XAUTH information (username and password). This keyword disables XAUTH for static IPsec peers. Enter a command similar to this on the device that has both L2L and RA VPN configured on the same crypto map:"
router(config)#crypto isakmp key cisco123 address 172.22.1.164 no-xauth
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide