Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
267
Views
0
Helpful
2
Replies

EasyVPN Server EasyVPN Remote and Site to Site VPN's on one inside int

remaxgcrealtors
Level 1
Level 1

‎10-10-2006 03:19 PM

I am currently running IOS version: 2801 Software (C2801-ADVSECURITYK9-M), Version 12.4(5a), RELEASE SOFTWARE (fc3).

I have 7 site to site VPN connections coming into our main office and tunneling to a single internal vlan.

I am trying to configure the Easy VPN Remote to also tunnel into this same internal interface but it wont allow me.

I'm sure there can be some kind of work around for this issue, but my VPN architecture knowledge is only so good. Is there a way that I can configure my VPN solution so that I can still have my site to site connections and also allow remote clients to connect with CiscoVPN software into the same internal network?

Any help or insight would greatly be appreciated and I thank you in advance.

Please let me know if you need anything from me as far as configs.

Chad Jones

Remax Gold Coast Realtors

Labels:
0 Helpful
2 Replies 2

Richard Burts
Hall of Fame
Hall of Fame

‎10-10-2006 03:58 PM

Chad

I do not have much experience with the Easy VPN Remote implementation. So I am not in a good position to advise on aspects of implementing this. But I have implemented what you describe with site to site VPN tunnels and Remote Access VPN where clients with Cisco VPN software connect to the same router and establish VPN connections. I have done this with command line configuration. Some of the more important aspects of this include:

- maintain the configuration of your site to site tunnels in the crypto map.

- configure a new instance of the crypto map for a dynamic entry. Make sure that the crypto map number for the dynamic map entry is higher than any static entry.

- assuming that you will authenticate the client software users but not the site to site connections include the no-xauth parameter on the crypto key configuration statements for the site to site connections.

HTH

Rick

HTH

Rick
0 Helpful
Customers Also Viewed These Support Documents