Setting up 'Easy VPN Server' on 2800s router with site-to-site VPN

Feb 15th, 2010

Hi guys,
I am setting up a VPN connection on a 2800s router.

There are already GRE tunnels and site-to-site VPN connections on this router.

I tried to create an 'Easy VPN' connection but it failed, as my interface fa0/1 is the source for the GRE tunnel in the existing configuration.

Now, without touching the existing GRE tunnel config, is it possible for me to set up a VPN connection using fa0/1, so my users can connect to the VPN on this router via the Cisco VPN client?

Please help.
Cheers

Aun Iqbal Tue, 02/16/2010 - 13:44

Hi there, see the below config from my lab:

---------------------------------------------

I think I am a bit close, but need to find a way to co-exist the site-to-site map and dynamic map (for my VPN client) under the same crypto map applied on interface fa0/1.

!!!!!!!!!!!!!!!!!!!! This is existing config !!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!! for site-to-site vpn !!!!!!!!!!!!!!!!!!!!!!!
!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key cisco address 0.0.0.0 0.0.0.0 no-xauth
!
crypto ipsec transform-set mySite esp-3des esp-sha-hmac
 mode transport
!
crypto map site-to-site-map 1 ipsec-isakmp
 description Site to Site VPN to remote site
 set peer 205.1.2.3
 set transform-set mySite
 match address 123
!
interface Tunnel1
 description GRE Tunnel to Remote site (192.168.40.2)
 bandwidth 100000
 ip address 192.168.40.1 255.255.255.0
 keepalive 10 3
 tunnel source FastEthernet0/1
 tunnel destination 201.x.x.x
!
interface FastEthernet0/1
 description TO_Internet
 ip address 201.1.2.3 255.255.255.252
 ip access-group INTERNET-IN in
 load-interval 30
 speed 100
 full-duplex
 crypto map site-to-site-map
!
!!!!!!!!!!!!!!!!!!!! My solution for vpn client !!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
aaa authentication login VPN_AUTH local
!
ip local pool MY_VPN_POOL 10.100.10.10 10.100.10.20
!
crypto ipsec transform-set MY_VPN_SET esp-3des esp-sha-hmac
!
crypto map MY_VPN client authentication list VPN_AUTH
crypto map MY_VPN isakmp authorization list VPN_AUTH
crypto map MY_VPN client configuration address respond
crypto map MY_VPN 10 ipsec-isakmp dynamic MY_VPN_MAP
!
crypto isakmp client configuration group MY_VPN
 key cisco
 dns x.x.x.x
 domain x.x.x.x
 pool MY_VPN_POOL
!
!!!!!!!!!!!!!!!! this is where the problem is !!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!Should I use the below or the one after that, cuz I need dynamic-map !!!!!!!!!!!!!!!!!!!
!
crypto map site-to-site-map 2 ipsec-isakmp
 description VPN For MY_VPN
 set transform-set MY_VPN_SET
!
!!!!!!!!!!!!!!!!!!OR this one, cuz I need dynamic-map !!!!!!!!!!!!!!!!!!!
!
crypto dynamic-map MY_VPN_MAP 10
 set transform-set MY_VPN_SET
 reverse-route
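
One way the static and dynamic entries can share the single crypto map on fa0/1, as an added example that is not part of the original post and has not been run on the poster's router. It reuses the names from the lab config above; `aaa new-model`, the `aaa authorization network` line, the sequence number 65535 and `GROUP_KEY_PLACEHOLDER` are assumptions.

```cisco
! Added example: an interface holds only one crypto map, so the VPN client
! settings are attached to the existing map instead of a second map (MY_VPN).
!
! Assumption: AAA is not shown in the post. The isakmp authorization list
! needs a network authorization method list; the name VPN_AUTH is reused.
aaa new-model
aaa authentication login VPN_AUTH local
aaa authorization network VPN_AUTH local
!
ip local pool MY_VPN_POOL 10.100.10.10 10.100.10.20
!
! Placeholder key: use a group key that differs from the site-to-site key.
crypto isakmp client configuration group MY_VPN
 key GROUP_KEY_PLACEHOLDER
 pool MY_VPN_POOL
!
! Separate transform set in the default tunnel mode for clients; the existing
! mySite set stays in transport mode for the GRE traffic.
crypto ipsec transform-set MY_VPN_SET esp-3des esp-sha-hmac
!
crypto dynamic-map MY_VPN_MAP 10
 set transform-set MY_VPN_SET
 reverse-route
!
! Client (Xauth / mode config) settings on the map that is already applied.
! The no-xauth keyword on the existing site-to-site key keeps the remote
! router from being prompted for Xauth once this is enabled.
crypto map site-to-site-map client authentication list VPN_AUTH
crypto map site-to-site-map isakmp authorization list VPN_AUTH
crypto map site-to-site-map client configuration address respond
!
! Existing static entry 1 (set peer 205.1.2.3, match address 123) is unchanged.
! The dynamic map is referenced as the highest-numbered entry so the static
! peer entries are evaluated first.
crypto map site-to-site-map 65535 ipsec-isakmp dynamic MY_VPN_MAP
!
! No change on the interface: fa0/1 keeps "crypto map site-to-site-map".
```

After applying it, `show crypto map` should list entry 1 with its peer and entry 65535 as a dynamic entry under the same map name.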
