New Member

using different pre-shared keys in remote access vpn

Hi.

I have a PIX 515E (7.2) and am now running an L2TP/IPsec remote access VPN, and I connect to it via the Microsoft VPN client.

I've configured all of my users to use just one pre-shared key, the default tunnel-group and the default group-policy, so all of my users use the same configuration and attributes.

Now everything works like a charm!

But now I need to segregate my VPN users, and I need to assign them different pre-shared keys and other attributes.

I know I should be able to do that by configuring tunnel-groups and group-policy,

but when I configure different tunnel-groups, it works just with DefaultRAGroup!

Even when I don't configure a pre-shared-key for DefaultRAGroup, I get an error: "Can not find valid tunnel-group"

Please help me. What should I do?

Here is my current configuration:

vpn# sh run group-policy
group-policy DefaultRAGroup internal
group-policy DefaultRAGroup attributes
 dns-server value 192.168.11.18 192.168.11.17
 vpn-tunnel-protocol IPSec l2tp-ipsec
 default-domain value xxxx.net
 address-pools value vpnpool

vpn# sh run tunnel-group
tunnel-group DefaultRAGroup general-attributes
 address-pool vpnpool
 default-group-policy DefaultRAGroup
tunnel-group DefaultRAGroup ipsec-attributes
 pre-shared-key *
tunnel-group DefaultRAGroup ppp-attributes
 no authentication chap
 no authentication ms-chap-v1
 authentication ms-chap-v2

2 REPLIES
New Member

Re: using different pre-shared keys in remote access vpn

You need to name each tunnel-group and group-policy differently, and you can call out the group-policy for each different tunnel-group by name.

New Member

Re: using different pre-shared keys in remote access vpn

Yes, I do that, and after configuring the tunnel-group and group-policy, I define default-group-policy, but it does not work!

Like this:

group-policy Sales internal
group-policy Sales attributes
 dns-server value 192.168.11.18 192.168.11.17
 vpn-tunnel-protocol IPSec l2tp-ipsec
 default-domain value xxxx.net
 address-pools value vpnpool-1
tunnel-group Sales type ipsec-ra
tunnel-group Sales general-attributes
 default-group-policy Sales
tunnel-group Sales ipsec-attributes
 pre-shared-key TMEAc97rqdRSYYG39qli
tunnel-group Sales ppp-attributes
 no authentication chap
 authentication ms-chap-v2

group-policy Managers internal
group-policy Managers attributes
 dns-server value 192.168.11.18 192.168.11.17
 vpn-tunnel-protocol IPSec l2tp-ipsec
 default-domain value xxxx.net
 address-pools value vpnpool-2
tunnel-group Managers type ipsec-ra
tunnel-group Managers general-attributes
 default-group-policy Managers
tunnel-group Managers ipsec-attributes
 pre-shared-key GWPnOjEZBmB9bbM0Hq1x
tunnel-group Managers ppp-attributes
 no authentication chap
 authentication ms-chap-v2
