Simultaneous use of Remote Access VPN and Site-to-Site VPN has a few caveats.
Important configuration lines:
1. crypto isakmp key Pr3sh4r3DKEY address 188.8.131.52 no-xauth
Make sure to include no-xauth for the Site-to-Site VPN peer.
2. crypto map VPNMAP 65535 ipsec-isakmp dynamic DYNMAP
The dynamic map should be the last entry in the crypto map assigned to the external interface. You may use 65535 here, as it is the maximum supported sequence number.
Example of Cisco IOS configuration with multiple VPN connections on one router:
crypto isakmp policy 1
 encr aes 256
 authentication pre-share
 group 2
crypto isakmp key Pr3sh4r3DKEY address 184.108.40.206 no-xauth
crypto isakmp client configuration group REMOTEGROUP
 key
 dns 10.18.19.2
 pool REMOTEPOOL
 acl 110
!
!
crypto ipsec transform-set REMOTEVPN esp-3des esp-sha-hmac
!
crypto dynamic-map DYNMAP 10
 set transform-set REMOTEVPN
!
!
crypto map VPNMAP client authentication list vpnuserauth
crypto map VPNMAP isakmp authorization list vpngroupauthor
crypto map VPNMAP client configuration address respond
crypto map VPNMAP 5 ipsec-isakmp
 set peer 220.127.116.11
 set transform-set REMOTEVPN
 set pfs group2
 match address VPN_ACL
crypto map VPNMAP 65535 ipsec-isakmp dynamic DYNMAP
ip local pool REMOTEPOOL 192.168.100.10 192.168.100.20
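Both caveats above can be checked mechanically before a configuration is pushed to a router. The following Python check is an added example, not part of the original post or any Cisco tooling; the function name audit_vpn_config and the sample configs (documentation addresses, placeholder key) are constructed for illustration, and it assumes Xauth is in play whenever a crypto map carries a client authentication list line.

```python
import re

def audit_vpn_config(config):
    """Return findings for the two caveats; an empty list means both checks pass."""
    lines = [ln.strip() for ln in config.splitlines()]
    findings = []
    # Assumption: Xauth applies when a crypto map carries a client authentication list.
    xauth = any(re.match(r"crypto map \S+ client authentication list ", ln) for ln in lines)
    entries = {}  # crypto map name -> [(sequence number, is_dynamic)]
    for ln in lines:
        # Caveat 1: every address-based pre-shared key needs no-xauth.
        key = re.match(r"crypto isakmp key .+? address (\S+)(.*)", ln)
        if key and xauth and "no-xauth" not in key.group(2).split():
            findings.append(f"peer {key.group(1)}: pre-shared key lacks no-xauth")
        entry = re.match(r"crypto map (\S+) (\d+) ipsec-isakmp( dynamic \S+)?$", ln)
        if entry:
            entries.setdefault(entry.group(1), []).append(
                (int(entry.group(2)), entry.group(3) is not None))
    # Caveat 2: the dynamic entry must have the highest sequence number in its map.
    for name, seqs in entries.items():
        dynamic = [s for s, d in seqs if d]
        static = [s for s, d in seqs if not d]
        if dynamic and static and min(dynamic) < max(static):
            findings.append(f"crypto map {name}: dynamic entry {min(dynamic)} "
                            f"precedes static entry {max(static)}")
    return findings

# Constructed sample configs (documentation addresses, placeholder key).
GOOD = """
crypto isakmp key EXAMPLEKEY address 203.0.113.10 no-xauth
crypto map VPNMAP client authentication list vpnuserauth
crypto map VPNMAP 5 ipsec-isakmp
 set peer 203.0.113.10
crypto map VPNMAP 65535 ipsec-isakmp dynamic DYNMAP
"""
BAD = """
crypto isakmp key EXAMPLEKEY address 203.0.113.10
crypto map VPNMAP client authentication list vpnuserauth
crypto map VPNMAP 1 ipsec-isakmp dynamic DYNMAP
crypto map VPNMAP 5 ipsec-isakmp
 set peer 203.0.113.10
"""

if __name__ == "__main__":
    for label, cfg in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, audit_vpn_config(cfg) or "no findings")
```

Feed it the text of a saved running configuration; each finding names the peer or crypto map that needs attention.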
Hi, how can I see an example of the complete configuration, for practice in Packet Tracer or GNS3?
How do I apply an extended ACL (VPN_ACL) in the NAT settings to pass the traffic through the VPN tunnel? I use different ACLs for both purposes (NAT and VPN). What do you recommend?