02-15-2010 04:01 PM
Hi guys,
I am setting up a VPN connection on a 2800s router.
There are already GRE tunnels and site-to-site VPN connections on this router.
I tried to create an 'Easy VPN' connection, but it failed because my interface fa0/1 is the source for the GRE tunnel in the existing configuration.
Now, without touching the existing GRE tunnel config, is it possible for me to set up a VPN connection using fa0/1, so my users can connect to this router via the Cisco VPN client?
Please help.
Cheers
02-16-2010 06:43 AM
This URL describes a similar setup to what you are trying to do. The tunnel source is the same interface that has the crypto map applied. HTH
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00801eafcb.shtml
02-16-2010 01:44 PM
Hi there, see the config below from my lab:
---------------------------------------------
I think I am a bit close, but I need to find a way for the site-to-site map and the dynamic map (for my VPN client) to coexist under the same crypto map applied on interface fa0/1.
!!!!!!!!!!!!!!!!!!!! This is existing config !!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!! for site-to-site vpn !!!!!!!!!!!!!!!!!!!!!!!
!
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp key cisco address 0.0.0.0 0.0.0.0 no-xauth
!
!
crypto ipsec transform-set mySite esp-3des esp-sha-hmac
mode transport
!
!
!
crypto map site-to-site-map 1 ipsec-isakmp
description Site to Site VPN to remote site
set peer 205.1.2.3
set transform-set mySite
match address 123
!
!
!
interface Tunnel1
description GRE Tunnel to Remote site (192.168.40.2)
bandwidth 100000
ip address 192.168.40.1 255.255.255.0
keepalive 10 3
tunnel source FastEthernet0/1
tunnel destination 201.x.x.x
!
!
!
interface FastEthernet0/1
description TO_Internet
ip address 201.1.2.3 255.255.255.252
ip access-group INTERNET-IN in
load-interval 30
speed 100
full-duplex
crypto map site-to-site-map
!
!
!!!!!!!!!!!!!!!!!!!! My solution for vpn client !!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
aaa authentication login VPN_AUTH local
!
ip local pool MY_VPN_POOL 10.100.10.10 10.100.10.20
!
!
crypto ipsec transform-set MY_VPN_SET esp-3des esp-sha-hmac
!
!
!
crypto map MY_VPN client authentication list VPN_AUTH
crypto map MY_VPN isakmp authorization list VPN_AUTH
crypto map MY_VPN client configuration address respond
crypto map MY_VPN 10 ipsec-isakmp dynamic MY_VPN_MAP
!
!
!
crypto isakmp client configuration group MY_VPN
key cisco
dns x.x.x.x
domain x.x.x.x
pool MY_VPN_POOL
!
!
!
!!!!!!!!!!!!!!!! this is where the problem is !!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!Should I use the below or the one after that, cuz I need dynamic-map !!!!!!!!!!!!!!!!!!!
!
crypto map site-to-site-map 2 ipsec-isakmp
description VPN For MY_VPN
set transform-set MY_VPN_SET
!
!!!!!!!!!!!!!!!!!!OR this one, cuz I need dynamic-map !!!!!!!!!!!!!!!!!!!
!
crypto dynamic-map MY_VPN_MAP 10
set transform-set MY_VPN_SET
reverse-route
02-17-2010 06:08 AM
Yes, you apply the dynamic map to the crypto map. Here is a better example of what you are trying to do. HTH
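Added example, not posted by anyone in this thread and not taken from the linked Cisco document: one way the lab config above could be merged so that the dynamic map becomes an entry in the crypto map already applied to FastEthernet0/1, since an interface carries only one crypto map. The list name VPN_GROUP, the sequence number 65535, the key placeholders and the peer-scoped pre-shared key are assumptions.

```cisco
! Added example: merged form of the lab config in this thread.
! Items marked "assumed" do not appear in the original posts.
aaa new-model
aaa authentication login VPN_AUTH local
! assumed list name: group authorization uses a network authorization list
aaa authorization network VPN_GROUP local
!
ip local pool MY_VPN_POOL 10.100.10.10 10.100.10.20
!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
! assumed: key scoped to the one known peer instead of 0.0.0.0 0.0.0.0;
! no-xauth keeps the site-to-site peer from being prompted for Xauth
crypto isakmp key <SITE_KEY_PLACEHOLDER> address 205.1.2.3 no-xauth
!
crypto isakmp client configuration group MY_VPN
 key <GROUP_KEY_PLACEHOLDER>
 pool MY_VPN_POOL
!
crypto ipsec transform-set mySite esp-3des esp-sha-hmac
 mode transport
crypto ipsec transform-set MY_VPN_SET esp-3des esp-sha-hmac
!
crypto dynamic-map MY_VPN_MAP 10
 set transform-set MY_VPN_SET
 reverse-route
!
! client settings attach to the map that is already on the interface
crypto map site-to-site-map client authentication list VPN_AUTH
crypto map site-to-site-map isakmp authorization list VPN_GROUP
crypto map site-to-site-map client configuration address respond
! existing static entry, unchanged
crypto map site-to-site-map 1 ipsec-isakmp
 set peer 205.1.2.3
 set transform-set mySite
 match address 123
! assumed sequence number: dynamic entry last, so static peers match first
crypto map site-to-site-map 65535 ipsec-isakmp dynamic MY_VPN_MAP
!
interface FastEthernet0/1
 crypto map site-to-site-map
```

The inbound ACL INTERNET-IN also has to permit the clients' IKE and ESP traffic; its contents are not shown in the thread.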