
using different pre-shared keys in remote access vpn

Nasser Heidari
Level 1

Hi.

I have a PIX 515E (7.2) and am now running an L2TP/IPsec remote access VPN, connecting to it via the Microsoft VPN client.

I've configured it so that all of my users use just one pre-shared key, the default tunnel-group and the default group-policy, so all of my users use the same configuration and attributes.

Now everything works like a charm!

But now I need to segregate my VPN users, and I need to assign them different pre-shared keys and other attributes.

I know I should be able to do that by configuring tunnel-groups and group-policies,

but when I configure different tunnel-groups, it works only with DefaultRAGroup!

Even when I don't configure a pre-shared-key for DefaultRAGroup, I get an error: "Can not find valid tunnel-group"

Please help me, what should I do?

Here is my current configuration:

vpn# sh run group-policy

group-policy DefaultRAGroup internal

group-policy DefaultRAGroup attributes

dns-server value 192.168.11.18 192.168.11.17

vpn-tunnel-protocol IPSec l2tp-ipsec

default-domain value xxxx.net

address-pools value vpnpool

vpn# sh run tunnel-group

tunnel-group DefaultRAGroup general-attributes

address-pool vpnpool

default-group-policy DefaultRAGroup

tunnel-group DefaultRAGroup ipsec-attributes

pre-shared-key *

tunnel-group DefaultRAGroup ppp-attributes

no authentication chap

no authentication ms-chap-v1

authentication ms-chap-v2

2 Replies

bob.bartlett
Level 1

You need to name each tunnel-group and group-policy differently, and you can call out the group-policy for each different tunnel-group by name.

Yes, I do that, and after configuring the tunnel-group and group-policy, I define default-group-policy, but it does not work!

Like this:

group-policy Sales internal

group-policy Sales attributes

dns-server value 192.168.11.18 192.168.11.17

vpn-tunnel-protocol IPSec l2tp-ipsec

default-domain value xxxx.net

address-pools value vpnpool-1

tunnel-group Sales type ipsec-ra

tunnel-group Sales general-attributes

default-group-policy Sales

tunnel-group Sales ipsec-attributes

pre-shared-key TMEAc97rqdRSYYG39qli

tunnel-group Sales ppp-attributes

no authentication chap

authentication ms-chap-v2

group-policy Managers internal

group-policy Managers attributes

dns-server value 192.168.11.18 192.168.11.17

vpn-tunnel-protocol IPSec l2tp-ipsec

default-domain value xxxx.net

address-pools value vpnpool-2

tunnel-group Managers type ipsec-ra

tunnel-group Managers general-attributes

default-group-policy Managers

tunnel-group Managers ipsec-attributes

pre-shared-key GWPnOjEZBmB9bbM0Hq1x

tunnel-group Managers ppp-attributes

no authentication chap

authentication ms-chap-v2