[c-nsp] Cisco Router - L2L VPN and Remote Access VPN on same Router Example

Bernard Wanyama bwanyama at syntechug.com
Thu Feb 2 09:13:46 EST 2012


Hi Erik,

Try this:

aaa authentication login LOCAL_AUTH local  >>> keeps your SSH & Telnet working

aaa authorization network VPN_LOCAL_AUTH local >>>> for Xauth



crypto map REMOTE_VPN client authentication list LOCAL_AUTH
crypto map REMOTE_VPN isakmp authorization list VPN_LOCAL_AUTH

Create dynamic crypto map for the L2L:
**********************************************
crypto dynamic-map REMOTE_MAP 1
 set transform-set STRONG-AES
 reverse-route


Let the Remote Access VPNs come first:
**********************************************
crypto map REMOTE_VPN 1 ipsec-isakmp

Then proceed with a dynamic map:
**********************************************
crypto map REMOTE_VPN 120 ipsec-isakmp dynamic REMOTE_MAP


Apply crypto map on the interface.

Kind regards,
Bernard

On 2 February 2012 06:28, Erik Sundberg <ESundberg at nitelusa.com> wrote:
> Does anyone have an example of a Cisco Router that has a L2L VPN and a Remote Access VPN with xAuth?
>
> I can get one or the other working, but not both. For some reason the L2L VPN wants to use XAuth, causing it not to work.
>
> Just need the crypt * and the aaa * commands.
>
> Thanks
>
> Erik



-- 
Bernard Wanyama
Technical Manager
SYNTECH ASSOCIATES Ltd
Kampala, Uganda
Cell: +256 712 193979
Fixed: +256 414 251591
Web: www.syntechug.com
Email: bwanyama at syntechug.com
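
Added example, not part of the original thread: a small Python check for the symptom Erik describes, where a static L2L peer shares a crypto map that has XAuth enabled. It assumes L2L peers use pre-shared keys and relies on the IOS `no-xauth` keyword of `crypto isakmp key`, which exempts a peer from the XAuth challenge; ISAKMP profiles are not handled. The function name, peer addresses and keys in the sample are constructed.

```python
import re

# Constructed sample config: documentation-range peers, placeholder keys.
SAMPLE_CONFIG = """\
crypto isakmp key PLACEHOLDER_KEY_A address 192.0.2.1 no-xauth
crypto isakmp key PLACEHOLDER_KEY_B address 198.51.100.7
crypto map REMOTE_VPN client authentication list LOCAL_AUTH
crypto map REMOTE_VPN isakmp authorization list VPN_LOCAL_AUTH
crypto map REMOTE_VPN 10 ipsec-isakmp
 set peer 192.0.2.1
 set transform-set STRONG-AES
 match address 120
crypto map REMOTE_VPN 20 ipsec-isakmp
 set peer 198.51.100.7
 set transform-set STRONG-AES
 match address 121
crypto map REMOTE_VPN 120 ipsec-isakmp dynamic REMOTE_MAP
"""

def xauth_conflicts(config):
    """Return sorted (map_name, peer) pairs where a static L2L peer sits in an
    XAuth-enabled crypto map but its pre-shared key lacks no-xauth."""
    xauth_maps, exempt, peers, current = set(), set(), [], None
    for line in config.splitlines():
        m = re.match(r"crypto map (\S+) client authentication list \S+", line)
        if m:
            xauth_maps.add(m.group(1))      # XAuth is enabled map-wide
        m = re.match(r"crypto isakmp key .+? address (\S+)(.*)", line)
        if m and "no-xauth" in m.group(2).split():
            exempt.add(m.group(1))          # this peer skips the XAuth prompt
        m = re.match(r"crypto map (\S+) \d+ ipsec-isakmp\s*$", line)
        if m:
            current = m.group(1)            # entering a static map entry
        elif not line.startswith(" "):
            current = None                  # any other top-level line ends it
        m = re.match(r"\s+set peer (\S+)", line)
        if m and current:
            peers.append((current, m.group(1)))
    return sorted((n, p) for n, p in peers if n in xauth_maps and p not in exempt)

if __name__ == "__main__":
    for name, peer in xauth_conflicts(SAMPLE_CONFIG):
        print(f"{name}: peer {peer} will be challenged for XAuth (key lacks no-xauth)")
```

Entries built from a dynamic map, such as sequence 120 above, are skipped because they carry no `set peer` line.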


