
Configure both IPsec VPN and L2TP over IPsec on an ASA at the same time

teymur azimov
Level 1

First I configured IPsec VPN and used it for 1 month. Everything was OK and working. Then I configured L2TP over IPsec. I am now working with L2TP over IPsec VPN. All VPN connections are OK; all of them work perfectly over L2TP over IPsec VPN.

But I want to use both IPsec and L2TP over IPsec VPN. How do I use both of them?

I know I used one crypto map, and I must apply only one crypto map to my outside interface.

This is my IPsec and L2TP over IPsec config. Right now I use only L2TP over IPsec VPN.

! used for Windows XP users for L2TP over IPsec VPN
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash md5
 group 2
 lifetime 86400
! used for Windows 7 and Vista for L2TP over IPsec VPN
crypto isakmp policy 65535
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400

Must I write a new policy for IPsec VPN, or is policy 10 enough for both VPN connections?

! I used this for the IPsec connection
crypto ipsec transform-set RA-TS esp-3des esp-md5-hmac
! L2TP over IPsec
crypto ipsec transform-set TRANS_ESP_3DES_MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set TRANS_ESP_3DES_MD5 mode transport
crypto ipsec transform-set aes128sha esp-aes esp-sha-hmac
crypto ipsec transform-set aes128sha mode transport
crypto ipsec transform-set aes256sha esp-aes-256 esp-sha-hmac
crypto ipsec transform-set aes256sha mode transport
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
! I used this for the IPsec connection
crypto dynamic-map DYN_MAP 10 set transform-set RA-TS
crypto dynamic-map DYN_MAP 10 set reverse-route
! L2TP over IPsec
crypto dynamic-map out_dyn_map 10 set transform-set TRANS_ESP_3DES_MD5 aes128sha aes256sha
! I used this for the IPsec connection
crypto map VPN_MAP 30 ipsec-isakmp dynamic DYN_MAP
! L2TP over IPsec
crypto map outside_map 65000 ipsec-isakmp dynamic out_dyn_map
crypto map outside_map interface outside

I know that I must change something in this part.

The group policy and tunnel are normal in my config.

Please write your comments.

Thanks.

2 Replies

ajay chauhan
Level 7

I guess a new transform set for remote access (VPN Client), and another sequence for DYN_MAP 20 calling the new transform set.

The same ISAKMP and pool can be used, then group policy and tunnel group. Should work.

Thanks

Ajay

Thanks for replying to me.

I have a transform set for the IPsec VPN client. Yes, you are right, I have the same sequence dynamic map. Which one should I change? And then what about the crypto map? How do I do it? Please write to me how to do it in my configuration.

I have a real working network; I am confused about testing it. Please write me how to do it.

Thanks.
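
The second-sequence approach from the reply, written out against the configuration posted in the question. This is an added example, not part of the original thread and not tested on the poster's device; it assumes the names in the posted config, places the new entry in out_dyn_map because that is the dynamic map referenced by the crypto map bound to the outside interface, and picks sequence number 20 for illustration.

```cisco
! Added example, not from the thread. Names are taken from the posted
! config; sequence number 20 is an assumption chosen for illustration.
!
! outside_map is the only crypto map bound to the outside interface, so
! both client types must be served by the dynamic map it references.
!
! Sequence 10 (already present): transport-mode transform sets,
! matched by the Windows L2TP over IPsec clients.
crypto dynamic-map out_dyn_map 10 set transform-set TRANS_ESP_3DES_MD5 aes128sha aes256sha
!
! Sequence 20 (new): RA-TS has no "mode transport" line, so it is a
! tunnel-mode set for the IPsec VPN client. The reverse-route setting
! is carried over from DYN_MAP 10.
crypto dynamic-map out_dyn_map 20 set transform-set RA-TS
crypto dynamic-map out_dyn_map 20 set reverse-route
!
! Unchanged: one static entry pointing at the dynamic map, and a single
! crypto map on the interface.
crypto map outside_map 65000 ipsec-isakmp dynamic out_dyn_map
crypto map outside_map interface outside
!
! VPN_MAP and DYN_MAP are not bound to an interface in the posted
! config, so they take no part in negotiation there.
```

After a client of each type connects, `show crypto ipsec sa` lists the transform set negotiated for each security association, which confirms which sequence each client matched.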