Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Site to site and remote access

Is it possible to terminate a site to site vpn and a remote access vpn on the same Cisco 871 ISR?

2 REPLIES
Cisco Employee

Re: Site to site and remote access

Sure it is, your crypto map just has two instances, one a static pointing to the remote site-to-site peer, then a dynamic instance for your VPN clients coming in.

Something like:

crypto map test 5 ipsec-isakmp

   set peer 1.1.1.1

   set transform-set testset

   match address 115

crypto map test 10 ipsec-isakmp dynamic test-dynamic

New Member

Re: Site to site and remote access

Yes, there are two nuances:

1) You have to add dynamic entry after static in crypto-map configuration.

For example:

crypto map crM1 10 ipsec-isakmp

.

.

crypto map crM1 500 ipsec-isakmp dynamic crDM1

2) You have to add no-xauth keyword to avoid XAUTH authentication for site to site connection

For example:

crypto isakmp key 0 cisco address 192.168.1.1 no-xauth

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080094685.shtml

135
Views
0
Helpful
2
Replies
CreatePlease login to create content