Shawn

Yes this is the preferred solution. The only thing I would add is to apply the isakmp profile to the crypto map to force ez to use it.
Stu

Sent from my iPhone

On 9 Aug 2009, at 20:38, "Shawn H. Mesiatowsky" <[email protected]> wrote:

> I was trying to set up easyvpn server and L2L vpn on the same ios
> router. When an L2L tunnel would try to establish, it would try to
> use xauth as this was applied to the crypto map. To fix this I
> created a separate isakmp profile using xauth and only applied it to
> the vpn group for easyvpn. Just wondering if this is the correct way
> to handle this, or if there is any other way (recommended or not)?
>
> crypto isakmp policy 10
>  encr 3des
>  hash md5
>  authentication pre-share
>  group 2
> crypto isakmp key cisco address 172.16.115.1
> crypto isakmp client configuration group vpngroup
>  key cisco
>  pool vpnpool
>  save-password
>
> crypto isakmp profile isakmp_dynamic
>  match identity group vpngroup
>  client authentication list vpn
>  isakmp authorization list vpn
>  client configuration address respond
>
> crypto ipsec transform-set trans1 esp-3des esp-md5-hmac
>
> crypto dynamic-map dynmap 10
>  set transform-set trans1
>  reverse-route
>
> crypto map mymap 10 ipsec-isakmp
>  set peer 172.16.115.1
>  set transform-set trans1
>  match address vpn
>
> crypto map mymap 50 ipsec-isakmp dynamic dynmap
> _______________________________________________
> For more information regarding industry leading CCIE Lab training,
> please visit www.ipexpert.com
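The arrangement discussed in this thread, written out as a before/after IOS configuration. This is an added example, not configuration posted by either participant: the "before" statements are an assumption based on the description that Xauth "was applied to the crypto map", and the `set isakmp-profile` line is one way to carry out the suggestion in the reply.

```cisco
! BEFORE (assumed): Xauth and mode config hang off the whole crypto map,
! so every peer negotiating against mymap, including the L2L peer
! 172.16.115.1, is challenged for Xauth.
crypto map mymap client authentication list vpn
crypto map mymap isakmp authorization list vpn
crypto map mymap client configuration address respond
!
! AFTER, step 1: remove the map-wide statements.
no crypto map mymap client authentication list vpn
no crypto map mymap isakmp authorization list vpn
no crypto map mymap client configuration address respond
!
! AFTER, step 2: scope Xauth and mode config to peers that present the
! EasyVPN group identity (profile as posted in the thread).
crypto isakmp profile isakmp_dynamic
 match identity group vpngroup
 client authentication list vpn
 isakmp authorization list vpn
 client configuration address respond
!
! AFTER, step 3: bind the profile to the dynamic entry so that EasyVPN
! sessions landing on dynmap must have matched isakmp_dynamic.
crypto dynamic-map dynmap 10
 set transform-set trans1
 set isakmp-profile isakmp_dynamic
 reverse-route
!
! The static L2L entry carries no profile and no Xauth.
crypto map mymap 10 ipsec-isakmp
 set peer 172.16.115.1
 set transform-set trans1
 match address vpn
!
crypto map mymap 50 ipsec-isakmp dynamic dynmap
```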
