acomiskey Fri, 09/05/2008 - 07:35

The easiest way I found to accomplish this is to use the DefaultL2LGroup on the hub ASA. On the spoke ASA you will use a tunnel group equal to the ip of the hub ASA. Post your configs if you need a hand.


tunnel-group DefaultL2LGroup ipsec-attributes

pre-shared-key *

Spoke ASA

tunnel-group ipsec-attributes

pre-shared-key *

Configure the rest the same way you would any other L2L tunnel.


This Discussion