This is the case:
We have a remote site which needs to be connected to our office, and at the same time be connected to a third party, both using VPN.
The connection to our office is done by EasyVPN and the one to the third party is done by using a crypto-map (ISAKMP tunnel). According to the documentation, this should be possible:
Easy VPN Remote and Site to Site on the same Interface
This feature allows the Easy VPN remote and site to site (crypto map) to be supported on the same interface, making it possible to both establish a tunnel to another Easy VPN server and have another site to site on the same interface simultaneously. A typical application would be a third-party VPN service provider that is managing a remote router via the site-to-site tunnel and using Easy VPN Remote to connect the remote site to a corporate Easy VPN server.
For more information about the Easy VPN Remote and Site to Site on the Same Interface feature, see "Easy VPN Remote and Site to Site on the Same Interface" in the section " Additional References
I'm basically just interested in the document that's being referred to, it's exactly our case...
Has anyone done this, or have ideas of how it should be done?
Txs, in advance.
I wrote a sample config for this a while back that has yet to be published to CCO. I'll email the html page straight to the email address in your CCO profile, let me know if the email address is invalid or you want me to send it somewhere else.
I have received your email, and will start to look at the example. I will get back to this thread and post a followup to inform others how it's progressing.
I too have a similar circumstance. I have a PIX 501 and a PIX 506E in a site to site with VPN Dialer access to the 506E. I would like to see how you have configured it. My Site to Site keeps getting dropped and I have to restart the 501 and magically it is back up for about an hour, then gets dropped. I am starting to lean towards faulty equipment.
I really don't see the similarity in our cases, but if you say so it's probably true. I don't use a Virtual Dialer interface, and I don't get up my tunnels at the same time. But please enlighten me about your problem, and maybe we can take down this bull together.
PIX 6.2(2) with site-to-site vpn and new Easy VPN-remote to another PIX acting as Easy VPN Server. Does that work? Your example above says it is working for IOS.
Pix says that only crypto map or easy vpn remote can be active, not both.
I have the same problem with the site-to-site and easy vpn remote on the same interface.
Can you help me please?
Thanks in advance
Boy, had to scan the archives to find this. I don't even know how valid this is any more really, as the IOS config has moved on quite significantly from there, but I've attached the HTML file I made up years ago and a small picture to go along with it.
Note the .txt file will need to be renamed to .html, then you should just be able to browse to it directly. This system wouldn't let me upload a .html file.
Thank you SIR, for your prompt response. My case is Router B, however, my P2P VPN is working normally, when I add ezvpn conf, EZVPN starts working normally but P2P VPN shows the state as CONF_XAUTH.
However, I've found the solution which needs to be tested.
"Use the no-xauth keyword when you enter the isakmp key, so the device does not prompt the peer for XAUTH information (username and password). This keyword disables XAUTH for static IPsec peers. Enter a command similar to this on the device that has both L2L and RA VPN configured on the same crypto map:"
router(config)#crypto isakmp key cisco123 address 172.22.1.164 no-xauth
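As an added example (not part of the thread and not Cisco's own tooling), the following Python sketch checks a saved IOS configuration for static crypto-map peers whose pre-shared key line lacks the `no-xauth` keyword described in the last post. The function name, the status labels and the sample configuration are assumptions made for illustration; wildcard keys and hostname-based keys are not handled.

```python
import re

# Constructed sample config, not taken from the thread. Only the key line for
# 172.22.1.164 mirrors the command quoted above; all other values are made up.
SAMPLE_CONFIG = """\
crypto isakmp key cisco123 address 172.22.1.164
crypto isakmp key 0 otherkey address 192.0.2.10 255.255.255.255 no-xauth
crypto ipsec client ezvpn HQ
 connect auto
 peer 198.51.100.1
crypto map L2L 10 ipsec-isakmp
 set peer 172.22.1.164
crypto map L2L 20 ipsec-isakmp
 set peer 192.0.2.10
crypto map L2L 30 ipsec-isakmp
 set peer 203.0.113.7
"""

# crypto isakmp key [0|6] <key> address <ip> [mask] [no-xauth]
KEY_RE = re.compile(r"^crypto isakmp key (?:[06] )?\S+ address (\S+)(.*)$")


def audit_xauth(config):
    """Return (ezvpn_present, {static_peer: status}) for an IOS config text."""
    keys = {}     # peer address -> True when its key line carries no-xauth
    peers = []    # addresses named by 'set peer' under crypto map entries
    ezvpn = False
    for raw in config.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            keys[m.group(1)] = "no-xauth" in m.group(2).split()
        elif line.startswith("set peer "):
            peers.append(line.split()[2])
        elif line.startswith("crypto ipsec client ezvpn "):
            ezvpn = True
    report = {}
    for peer in peers:
        if peer not in keys:
            report[peer] = "no-specific-key"   # wildcard key or certificates?
        elif keys[peer]:
            report[peer] = "ok"
        else:
            report[peer] = "xauth-possible"    # candidate for a CONF_XAUTH stall
    return ezvpn, report


if __name__ == "__main__":
    ezvpn, report = audit_xauth(SAMPLE_CONFIG)
    print("Easy VPN Remote configured:", ezvpn)
    for peer, status in report.items():
        print(f"{peer}: {status}")
```

A peer reported as `xauth-possible` is only a candidate: whether XAUTH is actually requested depends on the rest of the configuration, so confirm against the ISAKMP SA state on the device.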