Site-to-Site VPN and Remote VPN Access config on same router

kelloggs4life
Level 1

Hi,

I have a site-to-site setup between a HQ and 2 branches. I however want to configure remote access to the HQ for offsite users who want to connect from the internet into the LAN. The site-to-site VPN was achieved using Crypto Map policies to the interfaces. To create remote access VPN, I also have to use crypto map policy, but the challenge is I cannot use more than 1 crypto map policy on an interface.

Or can I? Any suggestions?

Femi

7 Replies

Tshi M
Level 5

Yes, you can. Please post your VPN config part so that I can make the right recommendations. You can remove things such as your key, peer addresses, etc.

Hi,

Attached are the config files for the router.

Let me know your comments and observations. I noticed that when I applied the remote VPN config, my site-to-site VPN stopped working, the reason being that the crypto map policies for the fast ethernet interfaces had changed.

Femi

You have found your answer: you cannot apply different crypto maps to the same interface. Use the same crypto map for your site-to-site and your remote VPN. That is all there is to it.

As mentioned by Femi, we are also having the same problem. In any router we can only assign one crypto map, and have to use the same name for S2S & remote access configuration. It's causing the S2S tunnel to fail.

Any idea how to do it?

Hi,

What you need to do is create the same crypto map for both the site-to-site and remote access.

Just use the same crypto map name.

See sample below:

crypto dynamic-map DYNMAP_2 10
 set transform-set t_aml1
crypto map VPN-Map-1 client authentication list sdm_vpn_xauth_ml_1
crypto map VPN-Map-1 isakmp authorization list sdm_vpn_group_ml_1
crypto map VPN-Map-1 client configuration address respond
! Crypto-map is created for site-to-site tunnel1
crypto map VPN-Map-1 10 ipsec-isakmp
 set peer 1.1.1.1
 set transform-set ESP-3DES-SHA2
 set pfs group2
 match address Crypto-list
! Crypto-map is created for site-to-site tunnel2
crypto map VPN-Map-1 11 ipsec-isakmp
 set peer 2.2.2.2
 set transform-set ESP-3DES-SHA2
 set pfs group2
 match address Crypto-list
! Crypto-map is created for Remote Access
crypto map VPN-Map-1 35 ipsec-isakmp dynamic DYNMAP_2

Femi

That was my reply a few weeks ago but I never got credit for it.

Refer to "no-xauth" for the authentication problems you are probably going to find
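
An offline check for the pitfalls raised in this thread, added here as an example (it is not code from any poster or from Cisco): it flags a crypto map that is defined but not applied to any interface, a dynamic entry sequenced ahead of a static one, and site-to-site peers whose pre-shared key lacks no-xauth while the map enforces client authentication. The key lines, the OLD-S2S map, peer 3.3.3.3 and the interface name in the sample are constructed assumptions.

```python
import re

# Constructed sample, not the poster's config: the thread's map layout plus
# hypothetical key lines. Peer 2.2.2.2 lacks no-xauth; OLD-S2S is never applied.
SAMPLE = """\
crypto isakmp key EXAMPLE-KEY-1 address 1.1.1.1 no-xauth
crypto isakmp key EXAMPLE-KEY-2 address 2.2.2.2
crypto map VPN-Map-1 client authentication list sdm_vpn_xauth_ml_1
crypto map VPN-Map-1 10 ipsec-isakmp
 set peer 1.1.1.1
crypto map VPN-Map-1 11 ipsec-isakmp
 set peer 2.2.2.2
crypto map VPN-Map-1 35 ipsec-isakmp dynamic DYNMAP_2
crypto map OLD-S2S 10 ipsec-isakmp
 set peer 3.3.3.3
interface FastEthernet0/0
 crypto map VPN-Map-1
"""

def audit(config):
    """Return findings for a crypto map that mixes site-to-site and remote access."""
    xauth = set(re.findall(r"^crypto map (\S+) client authentication list", config, re.M))
    exempt = set(re.findall(r"^crypto isakmp key .+ address (\S+).*no-xauth *$", config, re.M))
    applied = set(re.findall(r"^ +crypto map (\S+) *$", config, re.M))
    maps, entry = {}, None          # map name -> list of entries
    for line in config.splitlines():
        m = re.match(r"crypto map (\S+) (\d+) ipsec-isakmp( dynamic \S+)?", line)
        if m:
            entry = {"seq": int(m[2]), "dynamic": bool(m[3]), "peers": []}
            maps.setdefault(m[1], []).append(entry)
        elif entry is not None and (p := re.match(r" +set peer (\S+)", line)):
            entry["peers"].append(p[1])
        elif not line.startswith(" "):
            entry = None            # left the crypto map entry's sub-mode
    findings = []
    for name, entries in maps.items():
        if name not in applied:
            findings.append(f"{name}: defined but not applied to any interface")
        static = [e for e in entries if not e["dynamic"]]
        for d in (e for e in entries if e["dynamic"]):
            if any(s["seq"] > d["seq"] for s in static):
                findings.append(f"{name}: dynamic entry {d['seq']} precedes a static entry")
        if name in xauth:           # XAUTH applies to every peer on this map
            for peer in (p for s in static for p in s["peers"] if p not in exempt):
                findings.append(f"{name}: peer {peer} key lacks no-xauth")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

Run it against a saved copy of the running configuration before and after adding the remote-access entries; an empty result means none of the three conditions were found.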
