Cisco Employee

Re: Cisco PIX 515E L2TP over IPSec help ???

> group-policy group_policy_aa >> NOT WORKED>> "incomplete command"

bsns-asa5520-10(config)# group-policy SOME_NAME ?

configure mode commands/options:
  external  Enter this keyword to specify an external group policy
  internal  Enter this keyword to specify an internal group policy

For a new policy you need to define if it's internal or external. Internal is what you're looking for.

> tunnel-group DefaultRAGroup type ipsec-ra >> NOT WORKED

tunnel-group DefaultRAGroup <---- is already defined, why are you trying to define the type again?

> crypto isakmp enable >> NOT WORKED>> "incomplete command"


You have it already enabled! "crypto isakmp enable outside"

Please note that you will have to bind the default RA tunnel-group with whichever group-policy you configure.

Example:

bsns-asa5520-10(config)# tunnel-group SOME_OTHER_NAME general-attributes
bsns-asa5520-10(config-tunnel-general)# default-group-policy SOME_NAME
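
The binding described above can be checked offline against a saved configuration. This is an added example, not part of the original post or any Cisco tool: the function name `audit_bindings`, the sample config and the names `MISSING_POLICY` and `THIRD_GROUP` are constructed for illustration, and it assumes the ASA behaviour that a tunnel-group without `default-group-policy` inherits the built-in `DfltGrpPolicy`.

```python
import re

# Constructed sample running-config, using only command forms shown in the thread.
SAMPLE_CONFIG = """\
group-policy SOME_NAME internal
tunnel-group DefaultRAGroup general-attributes
 default-group-policy SOME_NAME
tunnel-group SOME_OTHER_NAME type ipsec-ra
tunnel-group SOME_OTHER_NAME general-attributes
 default-group-policy MISSING_POLICY
tunnel-group THIRD_GROUP type ipsec-ra
"""

def audit_bindings(config_text):
    """Return {tunnel-group: (effective policy name, status)}."""
    policies = {"DfltGrpPolicy"}  # built-in policy always exists
    bindings = {}                 # tunnel-group name -> bound policy or None
    current = None                # tunnel-group whose general-attributes block is open
    for line in config_text.splitlines():
        if not line.strip():
            continue
        if not line.startswith(" "):
            current = None        # any top-level command closes the sub-mode block
            m = re.match(r"group-policy (\S+) (internal|external)\b", line)
            if m:
                policies.add(m.group(1))
                continue
            m = re.match(r"tunnel-group (\S+) (\S+)", line)
            if m:
                bindings.setdefault(m.group(1), None)
                if m.group(2) == "general-attributes":
                    current = m.group(1)
        elif current:
            m = re.match(r"\s+default-group-policy (\S+)", line)
            if m:
                bindings[current] = m.group(1)
    report = {}
    for tg, pol in bindings.items():
        if pol is None:
            report[tg] = ("DfltGrpPolicy", "unbound: falls back to default policy")
        elif pol in policies:
            report[tg] = (pol, "ok")
        else:
            report[tg] = (pol, "bound to undefined group-policy")
    return report

if __name__ == "__main__":
    for tg, (pol, status) in audit_bindings(SAMPLE_CONFIG).items():
        print(f"{tg:20} {pol:16} {status}")
```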

Beginner

Re: Cisco PIX 515E L2TP over IPSec help ???

##group-policy group_policy_aa >> NOT WORKED>> "incomplete command"

bsns-asa5520-10(config)# group-policy SOME_NAME ?

YES

I really appreciate your great help with this. I would be honestly thankful if you posted the entire corrected L2TP commands for the VPN; then I can easily identify what is wrong here and what is right…

Again thanks a lot !

Cisco Employee

Re: Cisco PIX 515E L2TP over IPSec help ???

Mate, I don't have a configuration on any lab device, nor do I have the time to do so.

There are probably hundreds of configuration examples like this one:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807213a7.shtml#configuringthemicrosoftserverwithias

The only difference is that you will need to adapt it to your setup - for example, not using RADIUS for authentication, adjusting it to use SHA instead of MD5, and minor changes in tunnel-group types.

If in doubt please refer to command reference:

http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/cmd_ref.html

Marcin