Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
This will be for a basic setup, no policy NAT, no backup peers, using preshared keys having a similar topology to the one below:!--find and replace <name> with the endpoint name/identifier, typicaly the site if it is a part of your organization, or c...
Roger,That looks good but you are still missing a detail:access-list colocation_vpn extended permit ip (obiously the colocation device must have a line that is from it's network to the partner)I hope this helps.
You can configure you IAS to send the group-policy name on the attribute 25 (class), and have the user connect to the default. That way the ASA will force them to use the proper group policy and all of its advantages.
Hello Roger,The configuration that you need will be on the HQ ASA.First of all configure the ASA so that it would allow traffic to leave through the same interface that it came through:same-security-traffic permit intra-interfacethen you would need t...
Hello Paul,This is possible through ASDM but you will need to use some advanced settings:Configuration > Site-to-Site VPN > Advanced > Tunnel Groups There edit the group called "DefaultL2LGroup" and add the pre-shard key from the SA540 (note: all you...
Sal,Provided that you create a separate connection profile for the certificate authentication you can keep using both. You will need to have a group url and/or group alias for each one. I hope this helps you resolve your issue.Elias
