06-23-2015 12:25 AM
Hello,
I have Cisco 2811 router with 3 Lan to Lan tunnels configured, im trying to set up remote access VPN also, but when i do it crashes my L2L tunnels after a while.
This is the current configuration:
crypto keyring spokes
pre-shared-key address 0.0.0.0 0.0.0.0 key xxx
!
crypto isakmp policy 1
encr aes
authentication pre-share
group 2
!
crypto isakmp policy 2
encr 3des
authentication pre-share
group 2
!
crypto isakmp policy 10
encr aes
authentication pre-share
group 2
crypto isakmp invalid-spi-recovery
crypto isakmp keepalive 10 periodic
crypto isakmp profile L2L
description LAN-TO-LAN for spoke router(s) connection
keyring spokes
match identity address 0.0.0.0
crypto ipsec transform-set rtpset esp-aes esp-sha-hmac
!
crypto dynamic-map rtpmap 10
set transform-set rtpset
set isakmp-profile L2L
match address 104
qos pre-classify
crypto dynamic-map rtpmap 20
set transform-set rtpset
set isakmp-profile L2L
match address 105
qos pre-classify
crypto dynamic-map rtpmap 30
set transform-set rtpset
set isakmp-profile L2L
match address 158
!
crypto map clientmap 10 ipsec-isakmp dynamic rtpmap
!
interface FastEthernet0/0
description $ETH-WAN$
crypto map clientmap
The config i was trying to set up remote access with:
aaa authentication login LINE group radius local
aaa authorization network groupauthor local
crypto isakmp client configuration group RA_VPN
key xxx
dns xxx
pool vpdn_1
acl 101
netmask 255.255.255.0
crypto dynamic-map rtpmap 40
set transform-set rtpset
reverse-route
crypto map clientmap client authentication list LINE
crypto map clientmap isakmp authorization list groupauthor
crypto map clientmap client configuration address initiate
crypto map clientmap client configuration address respond
If you see a problem here or have other idea how to set up parallel L2L and RA tunnels please help:S
Thank you
Solved! Go to Solution.
06-25-2015 01:55 PM
Hi there,
Try this this and let me know.
crypto isakmp profile Prf_RA_VPN
description VPN clients profile
match identity group RA_VPN
client authentication list LINE
isakmp authorization list groupauthor
client configuration address respond
crypto dynamic-map rtpmap 50
set transform-set rtpset
set isakmp−profile Prf_RA_VPN
Thanks
Rizwan Rafeek
06-23-2015 08:25 AM
Are you setting up Remote access vpn for end-users and routers?
06-24-2015 11:40 PM
For users to connect when they're out of office.
06-25-2015 01:55 PM
Hi there,
Try this this and let me know.
crypto isakmp profile Prf_RA_VPN
description VPN clients profile
match identity group RA_VPN
client authentication list LINE
isakmp authorization list groupauthor
client configuration address respond
crypto dynamic-map rtpmap 50
set transform-set rtpset
set isakmp−profile Prf_RA_VPN
Thanks
Rizwan Rafeek
06-29-2015 12:34 AM
I set this up on Friday, so far so good :)
Thank you
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide