Can I have both an IKEv1 and an IKEv2 L2L to the same IP peer?

Mohamed Hamid
Level 1

Hi Guys

I am trying to configure a second site-to-site VPN to a Cisco ASA 5520.

The first L2L is an IKEv2 VPN and that works fine and has no issues.

I am now trying to create an IKEv1 L2L to the same Cisco ASA. I initially got the warning message through the ASDM that I had to use digital certificate based auth or use Aggressive mode if I was giving the connection a name.

So I have ensured both peers are using IKEv1, and now I am noticing that the incoming IKEv1 L2L connection is landing on the tunnel group that is configured for IKEv2 (my first connection).

Therefore I am getting the error 'No preshared key configured for group'.

Is there a way to get around this?

Regards

2 Replies

Marvin Rhoads
Hall of Fame

You need to use one or the other L2L VPN type - not both.

Why would you want both anyway?

Hi Marvin

Thank you for your reply.

I had an existing IKEv2 L2L between two ASAs.

I needed to add another L2L as a different network subnet required access, and for this I tried to set up an IKEv1 using aggressive mode. This is because my destination ASA was the same IP for my original IKEv2 L2L, and my thinking was that if I use aggressive mode then it will differentiate between my two L2Ls.

Clearly this is not the case... so I guess my best method is to use certificate based auth for my IKEv2 L2L?... Does this mean that I will need to change my original IKEv2 L2L to cert based as well?

Kind Regards
