Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Can I have both a IKEv1 and IKEv2 L2L to same ip peer?

Hi  Guys

 

I am trying to configure a second site to site VPN to a Cisco ASA 5520..

The first L2L is a IKEv2 VPN and that works fine and have no issues 

 

I am now trying to create a IKEv1 L2L  to the same Cisco ASA, I initially got the warning message throug the ASDM that I had to use Digital certificate based auth or use Aggressive mode if I was givin the connection a name. 

 

So I have ensured both peers are using IKEv1  and now i am noticing that the incoming ikev1 L2L connection is landing on the tunnel group that is configured for IKEv2 (my first connection)

 

Therefore I am getting the error 'No preshared key configured for group' 

 

Is there a way to get around this? 

 

Regards

 

Everyone's tags (5)
2 REPLIES
Hall of Fame Super Silver

You need to use one or the

You need to use one or the other L2L VPN type - not both.

Why would you want both anyway?

New Member

Hi Marvin Thank you for your

Hi Marvin

 

Thank you for your reply 

I had an exisitng IKEv2 L2L to between two ASA

I needed to add another L2L as a different network subnet required access and for this I tried to setup a IKEv1 using aggressive mode. This is becuase my destination ASA was the same IP for my orginal IKEv2 L2l and my thinking was that if I use aggressive mode then it will differentiate between my two L2L's.

Clearly this is not the case... so I guess my best bethod is to use certificate based auth for my IKEv2 L2L?... does this mean that I will need to change my original IKEv2 L2L to cert based as well?

 

Kind Regards

 

 

344
Views
0
Helpful
2
Replies
CreatePlease to create content