Firewalls, PIX, ASA, VPN, Access Control List, User Authentication, Data Encryption and Best Practices.
1 post • Page 1 of 1
This client needs to create a vpn ipsec tunnel using two asaa. I had a cisco documentation link being posted by one of the learned posters here.This link shows the configuration with a tunnel group. I came across another general site, which shows one without a tunnel group using asas. Please help which one is better and appreciate if i could understand why. Thank You.
Hello, The tunnel-group is needed for at least some of the basic tunnel attributes. This document will explain the minimum tunnel-group settings needed for a site-to-site tunnel: http://www.cisco.com/en/US/docs/securit ... #wp1042423 Hope that helps. -Mike
thsts a deprecated commandhowever i tried it out in my lab just to see what would happen, it took the commadn but this is what it made by default ASA-1(config)# crypto isakmp key cisco address x.x.x.xASA-1(config)# sh run tunnASA-1(config)# sh run tunnel-grouptunnel-group 220.127.116.11 type ipsec-l2ltunnel-group 18.104.22.168 general-attributes no accounting-server-group default-group-policy DfltGrpPolicytunnel-group 22.214.171.124 ipsec-attributes no pre-shared-key peer-id-validate req no chain no trust-point isakmp keepalive threshold 10 retry 2 so you can clearly see it took the command but it did not like it while you try to put the command it does say that it is deprecated So to summarize ----------------------- always use tunnel-group : )