DfltGrpPolicy multiple tunnels

neteng2323
Level 1

Can the DfltGrpPolicy be used for multiple site-to-site dynamic tunnels? I basically have a hub and spoke with a Cisco ASA 5525 and several Cradlepoint devices. The 5525 is static, and the Cradlepoints are dynamic. I have tested one using the dynamic tunnel option on the 5525, but I'm curious if this same group can be used for, say, 15-20 Cradlepoints/endpoints at the same time. So the same key would be used for all of them, I'm assuming... Would I create multiple dynamic crypto maps for this?

 

Accepted Solutions

GioGonza
Level 4

Hello @neteng2323

 

Yes, you can use the same Group-Policy for the rest of the connections, but as you know, using the same PSK for multiple locations can be a security concern.

 

Also for dynamic connections, you can only configure one dynamic crypto map and that should do the trick. 

 

HTH

Gio
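
As an added illustration of the answer above (not posted by either participant and not Cisco's reference configuration), here is a hub-side ASA fragment in which a single dynamic crypto map entry and the DefaultL2LGroup tunnel group serve every dynamic spoke. It assumes IKEv1 with a pre-shared key, an outside interface named `outside`, and an IKEv1 policy and NAT exemption already in place; the map and transform-set names and the key are placeholders.

```cisco
! Constructed example. DYN-SPOKES, OUTSIDE-MAP and ESP-AES256-SHA are
! hypothetical names; "outside" is an assumed interface name.
crypto ikev1 enable outside
crypto ipsec ikev1 transform-set ESP-AES256-SHA esp-aes-256 esp-sha-hmac

! One dynamic crypto map entry accepts any spoke whose peer address is
! not known in advance. No per-spoke entries are needed.
crypto dynamic-map DYN-SPOKES 10 set ikev1 transform-set ESP-AES256-SHA

! Reference it from the interface crypto map at the highest sequence
! number so that any static peers are matched first.
crypto map OUTSIDE-MAP 65535 ipsec-isakmp dynamic DYN-SPOKES
crypto map OUTSIDE-MAP interface outside

! Peers with no tunnel-group of their own land in DefaultL2LGroup,
! which uses DfltGrpPolicy unless another group policy is assigned.
! Every dynamic spoke authenticates with this one key, which is the
! shared-PSK concern raised in the answer.
tunnel-group DefaultL2LGroup ipsec-attributes
 ikev1 pre-shared-key <SHARED-PSK-PLACEHOLDER>
```

On the hub, `show crypto ikev1 sa` and `show crypto ipsec sa` list one security association per connected spoke, which confirms that all of them are being served by the single dynamic entry.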


2 Replies

Thanks! I actually tested this today and it does work. It's not as clean and stable as a static tunnel, but it works if that's the only option.