Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1854
Views
0
Helpful
1
Replies

Cisco ASA group-policy DfltGrpPolicy attributes

Steve Coady
Level 1
Level 1

‎08-10-2018 10:25 AM - edited ‎02-21-2020 08:05 AM

All

 

We are beginning to use ikev2 for site-to-site vpn's

My current vpn's use the following group-policy:

 

group-policy DfltGrpPolicy attributes
 vpn-tunnel-protocol ikev1 l2tp-ipsec ssl-clientless
 webvpn
  anyconnect ssl keepalive none
  anyconnect dpd-interval client none
  anyconnect dpd-interval gateway none
  customization value DfltCustomization

 

My question/concern is:

If I modify this group-policy by adding ikev2 will this cause any adverse impact to production vpn's currently in place?

 

Please advise at your earliest convenience.

 

 

sMc
0 Helpful
1 Reply 1

Ben Walters
Level 3
Level 3

‎08-10-2018 11:32 AM

Adding IKEv2 to the list of tunneling protocols wouldn't have an impact on the other connection profile settings that also reference the default policy you are just allowing another tunneling protocol along with the ones you already have enabled.

 

Although personally I would create a new group policy for the site to site connections just to keep things more organized but if you want to use the default policy that is ok too.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card