Re: ASA VPN problem

The only policy I get is from POLICY3, which is defined as
default-policy under tunnel-group:

ASA# sh run tunnel-group
tunnel-group GROUP1 type remote-access
tunnel-group GROUP1 general-attributes
 default-group-policy POLICY3
tunnel-group GROUP1 ipsec-attributes
 pre-shared-key *

ASA# sh run group-policy
group-policy POLICY2 internal
group-policy POLICY2 attributes
 vpn-idle-timeout 60
 vpn-filter value
 vpn-tunnel-protocol IPSec
 address-pools value POOL2
group-policy DfltGrpPolicy attributes
 vpn-tunnel-protocol IPSec webvpn
group-policy POLICY3 internal
group-policy POLICY3 attributes
 vpn-idle-timeout 30
 vpn-tunnel-protocol IPSec
 password-storage enable
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value NONAT
 user-authentication enable
 address-pools value POOL3
group-policy POLICY1 internal
group-policy POLICY1 attributes
 vpn-simultaneous-logins 7
 vpn-idle-timeout 60
 vpn-filter value FILTER1
 vpn-tunnel-protocol IPSec
 password-storage enable
 address-pools value POOL1

ASA# sh run username
username USER2 password g9O3SBOu.Lds9mV4 encrypted
username USER2 attributes
 vpn-group-policy POLICY2
 service-type remote-access
username test password 274Y4GRAbNElaCoV encrypted
username test attributes
 vpn-group-policy POLICY2
 service-type remote-access
username USER3 password cNH.ND6XX2p2UgNJ encrypted privilege 15
username USER3 attributes
 vpn-group-policy POLICY3
username USER1 password jcSAXHlsFLpnIf2H encrypted
username USER1 attributes
 vpn-group-policy POLICY1
 service-type remote-access

ASA# sh version

Cisco Adaptive Security Appliance Software Version 8.0(4)12
Device Manager Version 6.1(3)

On Thu, Jan 14, 2010 at 8:49 PM, Ryan West <rwest_at_zyedge.com> wrote:
> Ivan,
>
> Can you list sanitized versions of the tunnel-group, group-policy, and usernames in question? I think what you listed before was only a partial.
>
>
> Thanks,
>
> -ryan

Blogs and organic groups at http://www.ccie.net
Received on Thu Jan 14 2010 - 23:36:34 ART