Hi Guys,
How would I configure L2TP MS client support VPN and Cisco IPsec VPN support at the same time on the ASA? I have configured both of them, but only one works at a time. Could someone help, please? Below is the config.
========
snmp-server community packet2009
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-AES256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-AES256-MD5 mode transport
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto dynamic-map OUTSIDE_dyn_map 20 set transform-set ESP-3DES-SHA
crypto dynamic-map OUTSIDE_dyn_map 30 set transform-set ESP-3DES-MD5
crypto dynamic-map OUTSIDE_dyn_map 40 set transform-set ESP-AES256-MD5
crypto map OUTSIDE_map 999 ipsec-isakmp dynamic OUTSIDE_dyn_map
crypto map OUTSIDE_map interface outside
crypto isakmp identity hostname
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime none
crypto isakmp policy 20
 authentication pre-share
 encryption 3des
 hash md5
 group 2
 lifetime none
crypto isakmp policy 30
 authentication pre-share
 encryption aes-256
 hash md5
 group 2
 lifetime 86400
crypto isakmp policy 50
 authentication pre-share
 encryption aes-256
 hash sha
 group 2
 lifetime 86400
crypto isakmp nat-traversal 20
group-policy DefaultRAGroup internal
group-policy DefaultRAGroup attributes
 dns-server value 192.168.1.1 192.168.1.3
 vpn-tunnel-protocol IPSec l2tp-ipsec
 default-domain value lloyds.cathedralcapital.com
group-policy CathIT internal
group-policy CathIT attributes
 dns-server value 192.168.1.1 192.168.1.3
 default-domain value lloyds.cathedralcapital.com
group-policy CathedralRadius internal
group-policy CathedralRadius attributes
 dns-server value 192.168.1.1 192.168.1.3
 default-domain value lloyds.cathedralcapital.com
group-policy CathVPN internal
group-policy CathVPN attributes
 dns-server value 192.168.1.1 192.168.1.3
 default-domain value lloyds.cathedralcapital.com
group-policy Webconnectivity internal
group-policy Webconnectivity attributes
 dns-server value 192.168.1.1 192.168.1.3
 default-domain value lloyds.cathedralcapital.com
username CathItUser password CILDBlJgIeL4OJ/j encrypted
username CathItUser attributes
 vpn-group-policy CathIT
username cath password tM5k9SygwhMEpf3lQpwArA== nt-encrypted
username WCL_ADMIN password YztM0Ranjb1z9jkZ encrypted
username WCL_ADMIN attributes
 vpn-group-policy Webconnectivity
tunnel-group DefaultRAGroup general-attributes
 address-pool ippool
 default-group-policy DefaultRAGroup
tunnel-group DefaultRAGroup ipsec-attributes
 pre-shared-key *
tunnel-group DefaultRAGroup ppp-attributes
 authentication ms-chap-v2
tunnel-group CathedralRadius type ipsec-ra
tunnel-group CathedralRadius general-attributes
 address-pool ippool
 authentication-server-group RADIUS
 default-group-policy CathedralRadius
tunnel-group CathedralRadius ipsec-attributes
 pre-shared-key *
tunnel-group Webconnectivity type ipsec-ra
tunnel-group Webconnectivity general-attributes
 address-pool ippool
 default-group-policy Webconnectivity
 authorization-dn-attributes UID
tunnel-group Webconnectivity ipsec-attributes
 pre-shared-key *
tunnel-group CathVPN type ipsec-ra
tunnel-group CathVPN general-attributes
 address-pool ippool
 authentication-server-group RADIUS
 default-group-policy CathVPN
tunnel-group CathVPN ipsec-attributes
 pre-shared-key *
tunnel-group CathIT type ipsec-ra
tunnel-group CathIT general-attributes
 address-pool ippool
 default-group-policy CathIT
 authorization-dn-attributes UID
tunnel-group CathIT ipsec-attributes
 pre-shared-key *
!
!
prompt hostname context
Cryptochecksum:414eebe4e3c819ed2145cda31b8a7b20
: end