[c-nsp] Cisco Router - L2L VPN and Remote Access VPN on same Router Example
Bernard Wanyama
bwanyama at syntechug.com
Thu Feb 2 09:13:46 EST 2012
Hi Erik,
Try this:
aaa authentication login LOCAL_AUTH local >>> keeps your SSH & Telnet working
aaa authorization network VPN_LOCAL_AUTH local >>>> for Xauth
crypto map REMOTE_VPN client authentication list LOCAL_AUTH
crypto map REMOTE_VPN isakmp authorization list VPN_LOCAL_AUTH
Create dynamic crypto map for the L2L:
**********************************************
crypto dynamic-map REMOTE_MAP 1
set transform-set STRONG-AES
reverse-route
Let the Remote Access VPNs come first:
**********************************************
crypto map REMOTE_VPN 1 ipsec-isakmp
Then proceed with a dynamic map:
**********************************************
crypto map REMOTE_VPN 120 ipsec-isakmp dynamic REMOTE_MAP
Apply crypto map on the interface.
Kind regards,
Bernard
On 2 February 2012 06:28, Erik Sundberg <ESundberg at nitelusa.com> wrote:
> Does anyone have an example of a Cisco Router that has a L2L VPN and a Remote Access VPN with xAuth?
>
> I can get one or the other working, but not both. For some reason the L2L VPN want to use XAuth cause it not to work.
>
> Just need the crypt * and the aaa * commands.
>
> Thanks
>
> Erik
>
>
>
> ________________________________
> CONFIDENTIALITY NOTICE: This e-mail transmission, and any documents, files or previous e-mail messages attached to it may contain confidential information that is legally privileged. If you are not the intended recipient, or a person responsible for delivering it to the intended recipient, you are hereby notified that any disclosure, copying, distribution or use of any of the information contained in or attached to this transmission is STRICTLY PROHIBITED. If you have received this transmission in error please notify the sender immediately by replying to this e-mail. You must destroy the original transmission and its attachments without reading or saving in any manner. Thank you.
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
--
Bernard Wanyama
Technical Manager
SYNTECH ASSOCIATES Ltd
Kampala, Uganda
Cell: +256 712 193979
Fixed: +256 414 251591
Web: www.syntechug.com
Email: bwanyama at syntechug.com
More information about the cisco-nsp
mailing list