04-09-2007 08:40 AM - edited 03-09-2019 05:45 PM
Hi,
First of all, I'm not quite sure if the tunnel-group for a LAN with dynamic connection (ADSL) is DefaultL2LGroup or DefaultRAGroup.
After upgrading the 515-E to 7.2(2), the VPN L2L link between the 515-E in the hub office and the 1841 router in branch stopped working for some reason. I'm still picking up on the 7.2 commands so I don't know if some of the commands were not properly converted or I've changed something in the configuration.
I would be grateful if someone could look at the attached config and advise what to do.
Thanks, Archie
04-09-2007 10:25 AM
Hello
If the remote side is initiating a connection in Aggressive mode (like remote EzVpn etc..), then it will land on Default RA Group. If it is initiating the connection on Main mode, it will land on DefaultL2Lgroup.
So, since you said its a L2L tunnel, then if the remote address should be initiating the connection on Main mode.
Make sure the pre-shared key matches on the DefaultL2LGroup with the remote side.
The configs looks ok.
If it doesnt work, please run the following debugs
deb cry isa 129
deb cry ipsec 129
on the ASA and post it.
Rate this post, if it helps.
Cheers
Gilbert
04-10-2007 01:58 AM
Hi Gilbert,
Thanks for your response. I issued the debug statements that you suggested and the connection is landing on DefaultRAGroup. However, someone from the forum suggested to add the one line command below and it started working. Unfortunately, it's nowhere can be found from Cisco configuration examples or from any of the documentations.
tunnel-group-map default-group DefaultL2LGroup
Also, thanks for letting me know about Aggressive and Main modes.
Cheers,
Archie
11-23-2010 05:19 PM
Cool ,It 's helpful for me
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: