Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

name of tunnel-group

Hi,

In the configuration below I've set up a tunnel-group name that is the same as the VPN-tunnel peer. Is this something you have to do or could you just call the tunnel-group anything you like?

isakmp policy 1 authentication pre-share

isakmp policy 1 encryption 3des

isakmp policy 1 hash sha

isakmp policy 1 group 2

isakmp policy 1 lifetime 43200

isakmp enable outside

crypto ipsec transform set FirstSet esp-3des esp-md5-hmac

access-list l2l_list extended permit ip 192.168.100.0 255.255.255.0 192.168.1.0 255.255.255.0

tunnel-group 10.10.10.1 type ipsec-l2l

tunnel-group 10.10.10.1 ipsec-attributes

pre-shared-key xxx

crypto map abcmap 1 match address l2l_list

crypto map abcmap 1 set peer 10.10.10.1

crypto map abcmap 1 set transform-set FirstSet

crypto map abcmap interface outside

1 ACCEPTED SOLUTION

Accepted Solutions

Re: name of tunnel-group

Robert,

The tunnekl group should be the IP address of the remote end - as this is used as the ID. The only time you should use a specific name - is if you are authentication by certficate.

HTH.

1 REPLY

Re: name of tunnel-group

Robert,

The tunnekl group should be the IP address of the remote end - as this is used as the ID. The only time you should use a specific name - is if you are authentication by certficate.

HTH.

116
Views
0
Helpful
1
Replies
CreatePlease to create content