03-20-2014 07:47 AM
Hi Guys
I am trying to configure a second site-to-site VPN to a Cisco ASA 5520.
The first L2L is an IKEv2 VPN and that works fine and I have no issues.
I am now trying to create an IKEv1 L2L to the same Cisco ASA. I initially got the warning message through the ASDM that I had to use digital certificate based auth or use aggressive mode if I was giving the connection a name.
So I have ensured both peers are using IKEv1, and now I am noticing that the incoming IKEv1 L2L connection is landing on the tunnel group that is configured for IKEv2 (my first connection).
Therefore I am getting the error 'No preshared key configured for group'.
Is there a way to get around this?
Regards
03-20-2014 08:22 AM
You need to use one or the other L2L VPN type - not both.
Why would you want both anyway?
03-20-2014 08:32 AM
Hi Marvin
Thank you for your reply
I had an existing IKEv2 L2L between two ASAs.
I needed to add another L2L as a different network subnet required access, and for this I tried to set up an IKEv1 using aggressive mode. This is because my destination ASA was the same IP as for my original IKEv2 L2L, and my thinking was that if I use aggressive mode then it will differentiate between my two L2Ls.
Clearly this is not the case... so I guess my best method is to use certificate based auth for my IKEv2 L2L?... Does this mean that I will need to change my original IKEv2 L2L to cert based as well?
Kind Regards