10-11-2012 10:19 AM
I am installing 2 ASA 5505s at home offices with dynamic IPs. The EasyVPN server is an ASA585x. I am using the 5505s in NEM mode. I configured a unique DHCP scope on each 5505. I have a dynamic crypto map on the server. I configured unique tunnel groups, group policies and usernames for each site on the server.
This seems to work fine.
Is it normal to configure unique tunnel groups, group policies and usernames for each remote site?
10-11-2012 05:34 PM
Hi,
I would say yes, since you have full control over each connection profile and group-policy. Usually one single connection profile and group-policy represent one single point of failure.
You could use the same username as long as you allow enough simultaneous logins with the "vpn-simultaneous-login" command under the group-policy settings.
Portu.
Please rate any helpful posts
10-12-2012 12:32 AM
Hello,
You can either have one group for all sites or one group per site.
Having one group makes more sense if you have common group-policies.
For usernames, it's better to have one per site [to avoid having to change all routers' passwords if that user/pass got leaked]
Cheers,