Cisco Support Community
New Member

Can I have both an IKEv1 and an IKEv2 L2L to the same IP peer?

Hi Guys


I am trying to configure a second site-to-site VPN to a Cisco ASA 5520.

The first L2L is an IKEv2 VPN and that works fine and has no issues.


I am now trying to create an IKEv1 L2L to the same Cisco ASA. I initially got the warning message through the ASDM that I had to use digital certificate based auth or use Aggressive mode if I was giving the connection a name.


So I have ensured both peers are using IKEv1, and now I am noticing that the incoming IKEv1 L2L connection is landing on the tunnel group that is configured for IKEv2 (my first connection).


Therefore I am getting the error 'No preshared key configured for group'.


Is there a way to get around this? 




Hall of Fame Super Silver

You need to use one or the other L2L VPN type - not both.

Why would you want both anyway?

New Member

Hi Marvin


Thank you for your reply.

I had an existing IKEv2 L2L between two ASAs.

I needed to add another L2L as a different network subnet required access, and for this I tried to set up an IKEv1 using aggressive mode. This is because my destination ASA was the same IP for my original IKEv2 L2L, and my thinking was that if I use aggressive mode then it will differentiate between my two L2Ls.

Clearly this is not the case... so I guess my best method is to use certificate based auth for my IKEv2 L2L?... Does this mean that I will need to change my original IKEv2 L2L to cert based as well?


Kind Regards


