I would like to know if the Default Policy Group, which is part of the General Attributes for the L2L connection, is activated by default (see below, from the Cisco web page) when you configure this type of connection, even though I did not explicitly configure it.
Default LAN-to-LAN Tunnel Group Configuration
The contents of the default LAN-to-LAN tunnel group are as follows:
tunnel-group DefaultL2LGroup type ipsec-l2l
tunnel-group DefaultL2LGroup general-attributes
tunnel-group DefaultL2LGroup ipsec-attributes
isakmp keepalive threshold 10 retry 2
I also found that you need to activate the Default Policy Group if you want it to be used (see below, from Cisco), but, as I mentioned before, when you use an L2L configuration it is apparently operative by default. Please confirm this.
Default Group Policy
The security appliance supplies a default group policy. You can modify this default group policy, but you cannot delete it. A default group policy, named "DfltGrpPolicy", always exists on the security appliance, but this default group policy does not take effect unless you configure the security appliance to use it. To view the default group policy, enter the following command:
hostname(config)# show running-config all group-policy DfltGrpPolicy
To configure the default group policy, enter the following command:
Recently, I had a problem because the Default Policy Group was activated and configured on one side of the connection, and I lost the L2L tunnel connection. I am assuming that when you configure L2L connections, THE GENERAL ATTRIBUTE = DEFAULT GROUP POLICY is automatically activated even though you did not configure it previously. Only when I configured the following command in the Default Group Policy could I recover the connectivity:
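The following is an added example, not part of the original post or of the quoted Cisco documentation. It assumes ASA 8.4-style IKEv1 syntax, a peer address of 203.0.113.5, and placeholder ACL, group-policy and pre-shared-key names. It shows the check that answers the question above (what a tunnel group actually inherits, which the plain running-config hides) and a way to pin an L2L tunnel to its own group policy, so that a change to DfltGrpPolicy on one side does not alter that tunnel's attributes.

```cisco
! Added example (not from the original post or the Cisco docs).
! Assumptions: ASA 8.4+ IKEv1 syntax; peer 203.0.113.5; ACL, group-policy and
! pre-shared-key values below are placeholders.

! 1. Check what the tunnel group really inherits. "show running-config all"
!    prints defaults that "show running-config" omits, including the implicit
!    "default-group-policy DfltGrpPolicy" line under general-attributes.
show running-config all tunnel-group 203.0.113.5
show running-config all group-policy DfltGrpPolicy

! 2. Give the L2L tunnel its own group policy, so later edits to DfltGrpPolicy
!    (vpn-tunnel-protocol, vpn-filter, and so on) cannot silently change it.
!    vpn-filter ACLs are written with the REMOTE network as the source.
access-list L2L-FILTER extended permit ip 10.2.0.0 255.255.0.0 10.1.0.0 255.255.0.0
group-policy GP-L2L-PEER1 internal
group-policy GP-L2L-PEER1 attributes
 vpn-tunnel-protocol ikev1
 vpn-filter value L2L-FILTER

tunnel-group 203.0.113.5 type ipsec-l2l
tunnel-group 203.0.113.5 general-attributes
 default-group-policy GP-L2L-PEER1
tunnel-group 203.0.113.5 ipsec-attributes
 ikev1 pre-shared-key PLACEHOLDER-PSK-CHANGE-ME
 isakmp keepalive threshold 10 retry 2

! 3. Confirm the explicit policy is now referenced (no longer a hidden default).
show running-config tunnel-group 203.0.113.5
```

Two caveats for the practitioner: the same "show running-config all" check applies to DefaultL2LGroup, which is the tunnel group the ASA falls back to when the peer's address does not match any named ipsec-l2l tunnel group, and which also points at DfltGrpPolicy unless overridden; and the remote side must permit the same protocol and traffic, since a vpn-tunnel-protocol or vpn-filter change on either end is enough to drop the tunnel.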
We have configured the outside and inside interfaces with official IPv6 addresses, set a default route on the outside interface to our router, and we have also defined a rule, which also gets hits, to permit tcp from the inside interface to any6.
In Syslog I also se...