12-13-2011 11:26 PM - edited 02-21-2020 05:46 PM
firstly i configurated ipsec vpn and 1 month i used ipsec vpn. all of them are ok.,working. then i configurated l2tp over ipsec .l am working with l2tp over ipsec vpn. all vpn connection are ok, all of them working perfectly at vpn connection at l2tp over ipsec vpn.
but i want i to use both ipsec and l2tp over ipsec vpn.but how i use both of them?
i know i used one crypto map and i must be apply only one crypto map to my outside interface.
this my ipsec and l2tp over ipsec config.now i use only l2tp over ipsec vpn.
crypto isakmp policy 10 this used for windows xp user for l2tp over ipsec vpn
authentication pre-share
encryption 3des
hash md5
group 2
lifetime 86400
crypto isakmp policy 65535 this used windows 7 and vista for l2tp over ipsec vpn
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
must i write new policy for ipsec vpn or policy 10 is enougth used for both vpn connection?
crypto ipsec transform-set RA-TS esp-3des esp-md5-hmac --------i used this for ipsec connection.
crypto ipsec transform-set TRANS_ESP_3DES_MD5 esp-3des esp-md5-hmac ------- l2tp over ipsec
crypto ipsec transform-set TRANS_ESP_3DES_MD5 mode transport
crypto ipsec transform-set aes128sha esp-aes esp-sha-hmac
crypto ipsec transform-set aes128sha mode transport
crypto ipsec transform-set aes256sha esp-aes-256 esp-sha-hmac
crypto ipsec transform-set aes256sha mode transport
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map DYN_MAP 10 set transform-set RA-TS --- i used this for ipsec connection
crypto dynamic-map DYN_MAP 10 set reverse-route
crypto dynamic-map out_dyn_map 10 set transform-set TRANS_ESP_3DES_MD5 aes128sha aes256sha -- l2tp over ipsec
crypto map VPN_MAP 30 ipsec-isakmp dynamic DYN_MAP i used this for ipsec connection
crypto map outside_map 65000 ipsec-isakmp dynamic out_dyn_map l2tp over ipsec.
crypto map outside_map interface outside
iknow that i must be change something at this part.
the group ploicy and tunnel are normal at my config.
please write your comment.
thanks
12-14-2011 06:48 AM
I guess new transform set for remote access (VPN Client),another sequence for DYN_MAP 20 calling new transform set.
Same isakmp and pool can be used then group policy and tunnel group. Should work .
Thanks
Ajay
12-14-2011 11:24 AM
thanks to reply me.
i have a transfor set for ipsec vpn client. yes you are rigth i have same sequence dynamic map. which one i changed? and then what about crytpto map? how i do it? please write to me how to do at my configuration??
i have real working network i confused to test it. please write me how to do it.
thanks.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide