Hi,
See this configuration:
crypto map VPN_map_1 match address VPN_1
crypto map VPN_map_1 set pfs
crypto map VPN_map_1 set connection-type originate-only
crypto map VPN_map_1 set peer 172.16.1.1
crypto map VPN_map_1 set transform-set ESP-3DES-SHA
group-policy A internal
group-policy A
vpn-tunnel-protocol IPSec
group-lock value 10.0.0.1
pfs enable
tunnel-group 172.16.1.1 type ipsec-l2l
tunnel-group 172.16.1.1 general-attributes
default-group-policy A
tunnel-group 172.16.1.1 ipsec-attributes
pre-shared-key 12345
The group-lock value doesn't match, but VPN will work. The question is: will group-policy A be used by the ASA or not?
Very curious,
Galied