Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Community Member

site-to-site and easy vpn server on same interface

hi all,

Is there any possibility of running Site to Site VPN and Eazy VPN on same router interface. Im having a cisco 7200 router. Here are my Easy VPN Server configurations.

aaa authentication login userauthen local
aaa authorization network groupauthor local

crypto isakmp policy 3
encr 3des
authentication pre-share
group 2

crypto isakmp client configuration group vpngrp
key *****************
dns *****
domain *********
pool *******
save-password

crypto ipsec transform-set backup esp-3des esp-sha-hmac

crypto dynamic-map dynmap 10
set transform-set backup


crypto map EZVPN client authentication list userauthen
crypto map EZVPN isakmp authorization list groupauthor
crypto map EZVPN client configuration address respond
crypto map EZVPN 10 ipsec-isakmp dynamic dynmap

interface GigabitEthernet0/1
crypto map EZVPN

Now it is required to implement site to site vpn among selected sites on top of this cisco 7200 router. Because of that is there any possibility of applying a

different crypto map to same interface (Gi 0/1) ? Because I cannot define any crypto map sequence numbers in EZVPN.

Is there any other way to implement this scenario ? Your responses are highly.

Thanks.

1 REPLY
Cisco Employee

site-to-site and easy vpn server on same interface

Yes you can definitely have ezvpn server and lan-to-lan ipsec tunnel on the same interface with different crypto map sequence number.

For the lan-to-lan tunnel, just configure the following:

crypto map EZVPN 5 ipsec-isakmp

   set peer

   set transform-set

   match address

BTW, why can't you apply crypto map sequence number in EZVPN? you can't apply different crypto map to the same interface unfortunately.

1712
Views
0
Helpful
1
Replies
CreatePlease to create content