Simultaneous use of Remote Access VPN and Site-to-Site VPN has a few caveats.
Important configuration lines:
1. crypto isakmp key Pr3sh4r3DKEY address 89.123.45.6 no-xauth
Make sure to include no-xauth for Site-to-Site VPN peer.
2. crypto map VPNMAP 65535 ipsec-isakmp dynamic DYNMAP
Dynamic map should be last in crypto map assigned to external interface. You may use 65535 here at is is maximum supported number.
Example of Cisco IOS configuration with multiple VPN connections on one router:
[code]
crypto isakmp policy 1
encr aes 256
authentication pre-share
group 2
crypto isakmp key Pr3sh4r3DKEY address 89.123.45.6 no-xauth
crypto isakmp client configuration group REMOTEGROUP
key
dns 10.18.19.2
pool REMOTEPOOL
acl 110
!
!
crypto ipsec transform-set REMOTEVPN esp-3des esp-sha-hmac
!
crypto dynamic-map DYNMAP 10
set transform-set REMOTEVPN
!
!
crypto map VPNMAP client authentication list vpnuserauth
crypto map VPNMAP isakmp authorization list vpngroupauthor
crypto map VPNMAP client configuration address respond
crypto map VPNMAP 5 ipsec-isakmp
set peer 213.219.124.154
set transform-set REMOTEVPN
set pfs group2
match address VPN_ACL
crypto map VPNMAP 65535 ipsec-isakmp dynamic DYNMAP
ip local pool REMOTEPOOL 192.168.100.10 192.168.100.20
[/code]
Hi, how I can see an example of the complete configuration, for a practiced packettracert or GNS3?
How to apply an extended ACL: VPN_ACL in NAT settings, to pass the traffic through the tunnel vpn ?, I use different ACLs for both purposes (NAT and VPN what do you recommend?