Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

2 Dynamic VPNs

Dear All,

I would like to know if two different dynamic VPNs can work on single ASA ?. For example I am trying to test L2TP/IPSec whereas Remote access IPSec VPN is already working on that ASA so what is happening that phase a for L2TP/IPSec is failing until and unless I put lower sequence number in the dynamic crypto map for transform-set of L2TP VPN but in this case remote access IPSec VPN get breaks.

Thanks & Regards,

Mujeeb

1 ACCEPTED SOLUTION

Accepted Solutions

2 Dynamic VPNs

Why don't u put all your transform sets in the one crypto-map entry?

For example, that's how it looks on our ASA:

crypto dynamic-map outside_dyn_map 1 set ikev1 transform-set ESP-AES128-SHA ESP-3DES-SHA ESP-DES-SHA ESP-DES-MD5 TRANSPOT-FOR-L2TP-1 TRANSPOT-FOR-L2TP-2

crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-md5-hmac

crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac

crypto ipsec ikev1 transform-set ESP-AES128-SHA esp-aes esp-sha-hmac

crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-des esp-sha-hmac

crypto ipsec ikev1 transform-set TRANSPOT-FOR-L2TP-1 esp-3des esp-sha-hmac

crypto ipsec ikev1 transform-set TRANSPOT-FOR-L2TP-1 mode transport

crypto ipsec ikev1 transform-set TRANSPOT-FOR-L2TP-2 esp-aes esp-sha-hmac

crypto ipsec ikev1 transform-set TRANSPOT-FOR-L2TP-2 mode transport

crypto ipsec ikev2 ipsec-proposal DES

protocol esp encryption des

protocol esp integrity sha-1 md5

crypto ipsec ikev2 ipsec-proposal 3DES

protocol esp encryption 3des

protocol esp integrity sha-1 md5

crypto ipsec ikev2 ipsec-proposal AES

protocol esp encryption aes

protocol esp integrity sha-1 md5

crypto ipsec ikev2 ipsec-proposal AES192

protocol esp encryption aes-192

protocol esp integrity sha-1 md5

crypto ipsec ikev2 ipsec-proposal AES256

3 REPLIES
New Member

2 Dynamic VPNs

Typo

***** Phase 1 for L2TP/IPSec *******

2 Dynamic VPNs

Why don't u put all your transform sets in the one crypto-map entry?

For example, that's how it looks on our ASA:

crypto dynamic-map outside_dyn_map 1 set ikev1 transform-set ESP-AES128-SHA ESP-3DES-SHA ESP-DES-SHA ESP-DES-MD5 TRANSPOT-FOR-L2TP-1 TRANSPOT-FOR-L2TP-2

crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-md5-hmac

crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac

crypto ipsec ikev1 transform-set ESP-AES128-SHA esp-aes esp-sha-hmac

crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-des esp-sha-hmac

crypto ipsec ikev1 transform-set TRANSPOT-FOR-L2TP-1 esp-3des esp-sha-hmac

crypto ipsec ikev1 transform-set TRANSPOT-FOR-L2TP-1 mode transport

crypto ipsec ikev1 transform-set TRANSPOT-FOR-L2TP-2 esp-aes esp-sha-hmac

crypto ipsec ikev1 transform-set TRANSPOT-FOR-L2TP-2 mode transport

crypto ipsec ikev2 ipsec-proposal DES

protocol esp encryption des

protocol esp integrity sha-1 md5

crypto ipsec ikev2 ipsec-proposal 3DES

protocol esp encryption 3des

protocol esp integrity sha-1 md5

crypto ipsec ikev2 ipsec-proposal AES

protocol esp encryption aes

protocol esp integrity sha-1 md5

crypto ipsec ikev2 ipsec-proposal AES192

protocol esp encryption aes-192

protocol esp integrity sha-1 md5

crypto ipsec ikev2 ipsec-proposal AES256

Cisco Employee

2 Dynamic VPNs

Hi Mujeeb,

Can you share you configuration for crypto ?

Also will be usefull to have outputs, when you are trying to connect,  from:

# deb cry isa 140

# de cry ips 140

Thank you

132
Views
0
Helpful
3
Replies
CreatePlease login to create content