Showing results for 
Search instead for 
Did you mean: 

site-to-site and easy vpn server on same interface

harsha senaratna

hi all,

Is there any possibility of running Site to Site VPN and Eazy VPN on same router interface. Im having a cisco 7200 router. Here are my Easy VPN Server configurations.

aaa authentication login userauthen local
aaa authorization network groupauthor local

crypto isakmp policy 3
encr 3des
authentication pre-share
group 2

crypto isakmp client configuration group vpngrp
key *****************
dns *****
domain *********
pool *******

crypto ipsec transform-set backup esp-3des esp-sha-hmac

crypto dynamic-map dynmap 10
set transform-set backup

crypto map EZVPN client authentication list userauthen
crypto map EZVPN isakmp authorization list groupauthor
crypto map EZVPN client configuration address respond
crypto map EZVPN 10 ipsec-isakmp dynamic dynmap

interface GigabitEthernet0/1
crypto map EZVPN

Now it is required to implement site to site vpn among selected sites on top of this cisco 7200 router. Because of that is there any possibility of applying a

different crypto map to same interface (Gi 0/1) ? Because I cannot define any crypto map sequence numbers in EZVPN.

Is there any other way to implement this scenario ? Your responses are highly.


1 Reply 1

Jennifer Halim
Cisco Employee
Cisco Employee

Yes you can definitely have ezvpn server and lan-to-lan ipsec tunnel on the same interface with different crypto map sequence number.

For the lan-to-lan tunnel, just configure the following:

crypto map EZVPN 5 ipsec-isakmp

   set peer

   set transform-set

   match address

BTW, why can't you apply crypto map sequence number in EZVPN? you can't apply different crypto map to the same interface unfortunately.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: