03-16-2013 10:15 AM - edited 02-21-2020 06:46 PM
Hi dears
I configured two tunnels (site-to-site VPN) and Easy VPN (remote VPN) on a Cisco 3925 router.
The tunnels and the remote access VPN are working normally, but I have one issue.
When one of the tunnels goes down, it does not come back up automatically.
I did some tests. I erased the remote VPN crypto map and did some tests.
I ran clear crypto isakmp sa: the tunnels went down, then the tunnels came up automatically.
I think that the tunnel VPN conflicts with the remote access VPN, but what is the problem?
VPN part of the configuration:
! tunnels
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
!
! remote vpn
crypto isakmp policy 2
 encr aes
 authentication pre-share
 group 2
!
crypto isakmp key xxxxx address y.y.y.y
crypto isakmp key xxxx address x.x.x.x
crypto isakmp nat keepalive 300
crypto isakmp client configuration group vpncikil
 key c1sc0A123!
 dns 10.103.70.20 10.103.70.21
 domain vtbaze.local
 pool ippool
 acl 102
crypto ipsec security-association lifetime seconds 86400
!
! tunnel
crypto ipsec transform-set Router_Ipsec esp-3des esp-sha-hmac
 mode tunnel
! remote vpn
crypto ipsec transform-set myset esp-aes esp-sha-hmac
 mode tunnel
crypto map Center client authentication list userauthentication
crypto map Center isakmp authorization list groupauthor
crypto map Center client configuration address respond
crypto map Center 2 ipsec-isakmp
 set peer x.x.x.x
 set security-association idle-time 86400
 set transform-set Router_Ipsec
 set pfs group2
 match address xiyar
crypto map Center 3 ipsec-isakmp
 set peer y.y.y.y
 set security-association idle-time 86400
 set transform-set Router_Ipsec
 set pfs group2
 match address sada
crypto map Center 65535 ipsec-isakmp dynamic dynmap
ip access-list standard RA_VPN_Redistribute
 permit 192.168.10.0 0.0.0.255
router eigrp 90
 network 10.103.74.1 0.0.0.0
 network 172.30.30.1 0.0.0.0
 redistribute static metric 10000 1 255 1 1500 route-map RA_VPN_Redistribute
!
Center is applied to the outside interface.
03-18-2013 06:56 PM
I believe you are using the default group policy for IPsec, which defines properties for SSL and IPsec (IPsec includes both rVPN and LAN2LAN).
Define a policy for the L2L and use that with the tunnel.
Use the default with the rVPN.
Sent from Cisco Technical Support iPhone App
03-19-2013 01:40 AM
Hi. Thank you for helping me.
I am confused about something.
This is my policy configuration.
Site-to-site VPN:
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 hash sha
 group 2
Remote VPN:
crypto isakmp policy 2
 encr aes
 authentication pre-share
 hash sha
 group 2
Please modify the policy configuration (as you say above).
Thanks.
03-19-2013 02:22 AM
Remote VPN default policy:
I deleted crypto isakmp policy 2 and wrote crypto isakmp default policy for the remote VPN,
and did not modify the site-to-site VPN.
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 hash sha
 group 2
Is this correct?
Thanks.
03-20-2013 08:29 AM
Hi garyprice. Can you help me?
03-21-2013 10:37 AM
Hi.
You wrote: Use the default with the rVPN.
What is the command for the default policy for the remote VPN?
Is this the command?
crypto isakmp default policy
If yes, what is the transform-set of the remote VPN?
Thanks for your help.