vpn tunnel

[Guest]

This client needs to create a vpn ipsec tunnel using two asaa. I had a cisco documentation link being posted by one of the learned posters here.This link shows the configuration with a tunnel group. I came across another general site, which shows one without a tunnel group using asas. Please help which one is better and appreciate if i could understand why. Thank You.

[Guest]

Hello, The tunnel-group is needed for at least some of the basic tunnel attributes. This document will explain the minimum tunnel-group settings needed for a site-to-site tunnel: http://www.cisco.com/en/US/docs/securit ... #wp1042423 Hope that helps. -Mike

[Guest]

on asa you will need tunnel group to enter atleast the pre-shared key so if there is no tunnel group for a particular peer it falls on the default tunnel group

[Guest]

to create a preshared key, would "crypto isakmp KEY test address X.X.X.X" be sufficient if i dont use the tunnel group.will this cause any issues by not using tunnel group. Thanks!

[Guest]

thsts a deprecated commandhowever i tried it out in my lab just to see what would happen, it took the commadn but this is what it made by default ASA-1(config)# crypto isakmp key cisco address x.x.x.xASA-1(config)# sh run tunnASA-1(config)# sh run tunnel-grouptunnel-group 1.1.1.1 type ipsec-l2ltunnel-group 1.1.1.1 general-attributes no accounting-server-group default-group-policy DfltGrpPolicytunnel-group 1.1.1.1 ipsec-attributes no pre-shared-key peer-id-validate req no chain no trust-point isakmp keepalive threshold 10 retry 2 so you can clearly see it took the command but it did not like it while you try to put the command it does say that it is deprecated   So to summarize -----------------------  always use tunnel-group : )