Cisco Support Community
Community Member

using different pre-shared keys in remote access vpn

hi .

i have a pix 515e(7.2) and now running l2tp/ipsec remote access vpn and connect to it via Microsoft vpn client.

I've configured that all of my users using just one pre-shared key , default tuunel-group and default group-policy so , all of my users using same configuration and attributes .

now everything works like a charm!

but now i need to segregate my vpn users, and i need to assign them different pre-shared keys and other attributes .

i know i should able to do that by configuring tunnel-groups and group-policy

but when i configure different tunnel-groups , it works just with DefaultRAGroup !!!

even i don't configure pre-shared-key for DefaultRAGroup but i get an error , "Can not find valid tunnel-group"

please help me , what should i do ?

here is my current configuration :

vpn# sh run group-policy

group-policy DefaultRAGroup internal

group-policy DefaultRAGroup attributes

dns-server value

vpn-tunnel-protocol IPSec l2tp-ipsec

default-domain value

address-pools value vpnpool

vpn# sh run tunnel-group

tunnel-group DefaultRAGroup general-attributes

address-pool vpnpool

default-group-policy DefaultRAGroup

tunnel-group DefaultRAGroup ipsec-attributes

pre-shared-key *

tunnel-group DefaultRAGroup ppp-attributes

no authentication chap

no authentication ms-chap-v1

authentication ms-chap-v2

CreatePlease to create content