In version 6.x, normal IP access lists were used for the crypto map and NAT 0; in version 7.x, extended access lists are used.
Version 6.x had no concept of a tunnel group. In version 7.x, use the tunnel-group command in global configuration mode to create and manage the database of connection-specific records for ipsec-l2l (IPsec LAN-to-LAN) tunnels. For LAN-to-LAN connections, the name of the tunnel group must be the IP address of the IPsec peer.
In version 6.x, the isakmp key command was used to configure the preshared key for a LAN-to-LAN tunnel; in version 7.x, the pre-shared-key is configured under the tunnel group. For example:
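The preshared-key move described above, as an added example that is not part of the original document: a Python sketch that rewrites 6.x `isakmp key` lines as 7.x tunnel-group stanzas named after the peer IP. The function name `convert_l2l_keys`, the sample addresses and the keys are constructed for illustration; keys bound to a subnet or wildcard are flagged for manual review instead of converted, since a LAN-to-LAN tunnel group is named after a single peer.

```python
import re

# PIX 6.x form: isakmp key <key> address <peer> [netmask <mask>] [no-xauth] [no-config-mode]
ISAKMP_KEY = re.compile(
    r"^isakmp key (?P<key>\S+) address (?P<peer>\d{1,3}(?:\.\d{1,3}){3})"
    r"(?: netmask (?P<mask>\d{1,3}(?:\.\d{1,3}){3}))?"
    r"(?: no-xauth| no-config-mode)*\s*$"
)

def convert_l2l_keys(config_6x):
    """Return (lines_7x, review): 7.x stanzas, plus peer/mask pairs needing manual review."""
    lines_7x, review = [], []
    for raw in config_6x.splitlines():
        m = ISAKMP_KEY.match(raw.strip())
        if not m:
            continue  # only preshared-key lines are handled in this sketch
        peer, mask = m["peer"], m["mask"] or "255.255.255.255"
        # A 7.x LAN-to-LAN tunnel group is named after one peer IP, so a key
        # bound to a subnet or wildcard has no one-to-one equivalent. Report
        # it without echoing the key rather than guess a target group.
        if mask != "255.255.255.255" or peer == "0.0.0.0":
            review.append(f"{peer}/{mask}")
            continue
        # The 6.x no-xauth / no-config-mode options are parsed but not emitted
        # (assumption: they belong to the 6.x key line only).
        lines_7x += [
            f"tunnel-group {peer} type ipsec-l2l",
            f"tunnel-group {peer} ipsec-attributes",
            f" pre-shared-key {m['key']}",
        ]
    return lines_7x, review

# Constructed sample input: documentation addresses and placeholder keys.
SAMPLE_6X = """\
isakmp enable outside
isakmp key EXAMPLE-KEY-1 address 192.0.2.10 netmask 255.255.255.255 no-xauth no-config-mode
isakmp key EXAMPLE-KEY-2 address 0.0.0.0 netmask 0.0.0.0
isakmp policy 10 authentication pre-share
"""

if __name__ == "__main__":
    converted, needs_review = convert_l2l_keys(SAMPLE_6X)
    print("\n".join(converted))
    for entry in needs_review:
        print("! REVIEW: key not bound to a single peer:", entry)
```

The wildcard entry in the sample is reported separately because a preshared key that any address may use deserves a deliberate decision during migration, not an automatic rewrite.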
Refer to this checklist in order to move VPN client configuration from version 6.x to 7.x:
In versions 6.x and 7.x, the commands to configure the dynamic crypto map, ISAKMP policy, NAT 0 access list and transform set remain the same. The configuration for these commands can be copied and pasted onto PIX/ASA version 7.x without a problem.
In version 6.x, the vpngroup command set lets you configure Cisco VPN 3000 Client policy attributes to be associated with a VPN group name, but in version 7.x, the group-policy and tunnel-group commands accomplish this task.
I configured AnyConnect on my firewall, the ASA 5510, and all is OK, but I have a problem. The users from my local LAN also connect on AnyConnect VPN, but I don't want this feature. How do I disable local LAN connects on AnyConnect VPN on the ASA 5510?
Hi All, I am working on Cisco FTD which are managed by FMC. I have configured the DNS group: I did an nslookup from the firewall but the firewall doesn't seem to resolve google.com. I have a route pointing towards the inside interface for 10.0....