Dynamic & Static VTI

Michalis Michael · ‎10-27-2009

I connect 2 routers with static vti. I have also configured a dynamic vti on each router in order to allow some users to connect from their PCs remotely. The static vti is working fine. When a remote user try to connect with vpn client to the network the tunnel that connects the two routers is disconnected.

Is it possible to have static and dynamic vti on the same router?

I am attaching the CLI configuration of one of the routers. The second router has similar configuration.

Herbert Baerten · ‎10-28-2009

try this:

crypto isakmp profile IKE-PROFILE-2

match identity address n.n.n.n (address of the peer)

crypto ipsec profile PROF1

set transform-set ESP-AES-SHA

set isakmp profile IKE-PROFILE-1

crypto ipsec profile PROF2

set transform-set ESP-AES-SHA

set isakmp profile IKE-PROFILE-2

interface Tunnel0

tunnel protection ipsec profile PROF2

If there is still a problem, then get :

debug crypto isakmp

debug crypto ipsec

debug crypto socket

debug tunnel protection

Start the debugs before the problem occurs.