
IPsec tunnel site to site and remote client both with dynamic map possible?

mm2408
Level 1

Hello!

I am trying to set up an IPsec VPN. I have both a site-to-site tunnel and some remote clients. The other VPN router has only a dynamic IP, so I need a dynamic map for the site-to-site tunnel as well.

I've tried to set it up as you see below, but this way only the site-to-site VPN works. If I delete the line:

crypto isakmp key xxxxxxxx address 0.0.0.0         no-xauth

then only the remote client works.

Is there a way to have both working at the same time?

crypto isakmp policy 100
 encr aes 256
 hash md5
 authentication pre-share
 group 14
crypto isakmp key xxxxxxxx address 0.0.0.0         no-xauth
crypto isakmp invalid-spi-recovery
!
crypto isakmp client configuration group xxxxxxxxxx
 key xxxxxxxxxx
 pool VPNclient
!
crypto ipsec security-association lifetime seconds 900
!
crypto ipsec transform-set IPsec_TS esp-aes 256 esp-md5-hmac
 mode tunnel
!
!
!
crypto dynamic-map VPNCLIENT 1
 set security-association idle-time 1800
 set transform-set IPsec_TS
 reverse-route
!
crypto dynamic-map VPNHQ 10
 set security-association lifetime seconds 43200
 set transform-set IPsec_TS
 match address IPsec_ACL
!
!
crypto map IPsec_CM local-address Vlan1
crypto map IPsec_CM client authentication list userlist
crypto map IPsec_CM isakmp authorization list grouplist
crypto map IPsec_CM client configuration address respond
crypto map IPsec_CM 10 ipsec-isakmp dynamic VPNHQ
crypto map IPsec_CM 1000 ipsec-isakmp dynamic VPNCLIENT
!
!

Thank you very much!

1 Reply

mm2408
Level 1

Has nobody got an idea?

Thank you