Hi,

The best approach is to create an isakmp profile for both the ezvpn and the l2l. Create a key ring to define the key for the l2l peer and reference that in the isakmp profile for the l2l.
You then map the profile and transform sets to dynamic maps.

Regards.
segundaini (+234.803.200.6749)

"It is difficult to get a man to understand something when his salary depends upon his not understanding it." - Upton Sinclair

________________________________
From: Shawn H. Mesiatowsky <[email protected]>
To: [email protected]
Sent: Sunday, August 9, 2009 8:38:45 PM
Subject: [OSL | CCIE_Security] easyvpn and L2L on same cisco router

I was trying to set up easyvpn server and L2L vpn on the same ios router. When an L2L tunnel would try to establish, it would try to use xauth as this was applied to the crypto map. To fix this I created a separate isakmp profile using xauth and only applied it to the vpn group for easyvpn. Just wondering if this is the correct way to handle this, or if there is any other way (recommended or not)

crypto isakmp policy 10
 encr 3des
 hash md5
 authentication pre-share
 group 2
crypto isakmp key cisco address 172.16.115.1
crypto isakmp client configuration group vpngroup
 key cisco
 pool vpnpool
 save-password
crypto isakmp profile isakmp_dynamic
 match identity group vpngroup
 client authentication list vpn
 isakmp authorization list vpn
 client configuration address respond
crypto ipsec transform-set trans1 esp-3des esp-md5-hmac
crypto dynamic-map dynmap 10
 set transform-set trans1
 reverse-route
crypto map mymap 10 ipsec-isakmp
 set peer 172.16.115.1
 set transform-set trans1
 match address vpn
crypto map mymap 50 ipsec-isakmp dynamic dynmap
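
The keyring-plus-profile layout suggested in the reply, applied to the configuration quoted in the original message, as an added example that is not part of the original thread. The keyring name `l2l-keys` and the profile name `isakmp_l2l` are assumptions; the peer address, key, group, and map names are the ones from the quoted configuration.

```cisco
! Added example, not from the thread. l2l-keys and isakmp_l2l are
! hypothetical names; all other values come from the quoted config.
!
! Move the L2L pre-shared key out of the global key table into a keyring
no crypto isakmp key cisco address 172.16.115.1
crypto keyring l2l-keys
 pre-shared-key address 172.16.115.1 key cisco
!
! L2L profile: matches the peer by address, uses the keyring, no xauth
crypto isakmp profile isakmp_l2l
 keyring l2l-keys
 match identity address 172.16.115.1 255.255.255.255
!
! EasyVPN profile: xauth and mode config only for clients in vpngroup
crypto isakmp profile isakmp_dynamic
 match identity group vpngroup
 client authentication list vpn
 isakmp authorization list vpn
 client configuration address respond
!
crypto ipsec transform-set trans1 esp-3des esp-md5-hmac
!
! Bind the EasyVPN profile to the dynamic map
crypto dynamic-map dynmap 10
 set transform-set trans1
 set isakmp-profile isakmp_dynamic
 reverse-route
!
! Bind the L2L profile to the static entry for the peer
crypto map mymap 10 ipsec-isakmp
 set peer 172.16.115.1
 set transform-set trans1
 set isakmp-profile isakmp_l2l
 match address vpn
crypto map mymap 50 ipsec-isakmp dynamic dynmap
```

With this layout the L2L peer never matches the profile that carries `client authentication list`, so xauth is only requested from EasyVPN clients.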
