02-28-2005 01:37 PM - edited 02-21-2020 01:38 PM
Hello,
We have a 3825 router at a remote facility with one Internet T-1 connected to it. The 3825 has multiple site-to-site vpn's running over the T-1, but now we also need to configure EasyVPN so that our Engineers can vpn into the remote site (to manage the servers behind the router). From what I can tell so far, there is no way to have both site-to-site and EasyVPN running over the same interface, since you can only apply one crypto map at a time.
Does anyone know how to accomplish this?
Sincerely,
-Laura
02-28-2005 07:35 PM
You can create multiple instances within your crypto map, indicated by instance numbers. Here is an example of setting up a router with LAN2LAN and EZVPN. The crypto map "mymap" is applied to the outside interface. Mymap instance 10 is for EZVPN. Mymap instance 20 is for LAN2LAN.
crypto isakmp policy 3
encr aes 256
authentication pre-share
group 2
!
crypto isakmp key mykey address 1.2.3.4
crypto isakmp keepalive 30 10
!
crypto isakmp client configuration group 3000client
key cisco123
pool ippool
!
crypto ipsec transform-set TRANS esp-aes 256 esp-sha-hmac
!
crypto dynamic-map DYNO 10
set transform-set TRANS
!
crypto map mymap client authentication list userauthen
crypto map mymap isakmp authorization list groupauthor
crypto map mymap client configuration address respond
crypto map mymap 10 ipsec-isakmp dynamic DYNO
crypto map mymap 20 ipsec-isakmp
set peer 1.2.3.4
set transform-set TRANS
match address 101
03-04-2005 08:53 AM
Thank you so much - that worked! I had been using different map names for the Lan2Lan and EasyVPN. I didn't realize that the line:
crypto map mymap 10 ipsec-isakmp dynamic DYNO
Was how I could order it onto an existing map.
Thanks!
-Laura
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide