Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
461
Views
0
Helpful
1
Replies

IPSEC VPN

ankit.dhawan
Level 1
Level 1

‎01-12-2018 07:52 AM - edited ‎03-12-2019 04:54 AM

Can someone help me understand the difference between GROUP-POLICY and TUNNEL-GROUP and what could role do they play in VPN tunnel.

Labels:
0 Helpful
1 Reply 1

GioGonza
Level 4
Level 4

‎01-12-2018 12:12 PM

Hello @ankit.dhawan

 

An explanation in easy terms is like this: 

 

1. Tunnel-group: Is the one that handles the connection, your connection will land in a tunnel-group and in this part you configure the AAA and you can decide how to assign the IP for the connection. 

 

2. Group-policy: Are the extra information you want for the connection, I.E. if you want to apply restrictions with an ACL, DNS servers config, DHCP configs, Protocols you want to work with, you can apply also IP addresses here. 

 

In a tunnel-group you can have only one group-policy, but you can have one group-policy attached to different tunnel-groups. This means for every connection on the ASA you need one tunnel-group and one group-policy associated. 

 

HTH

Gio

0 Helpful
Customers Also Viewed These Support Documents