RE: ASA tunnel groups for L2L VPN

From: Joseph L. Brunner <joe_at_affirmedsystems.com>
Date: Thu, 29 Apr 2010 15:06:18 -0400

Yes, we call that defaultL2Lgroup :)

Just make your life easy and do dynamic L2L VPN using a common PSK for all remotes, or if you actually want more security, use certificates.

Here's a recent change request for the dynamic l2l

Task 2: Configure dynamic crypto map entry and policies to permit ASA 5505 client connections

1. Choose ESP-AES-128-SHA (much better on CPU than 3DES/MD5)

crypto isakmp policy 10
 authentication pre-share
 encryption aes
 hash sha
 group 2
 lifetime 86400

crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac

2. Configure dynamic crypto map entry

crypto dynamic-map dyn-remote 10 set transform-set ESP-AES-128-SHA
crypto dynamic-map dyn-remote 10 set reverse-route

3. Create pointer in main crypto ACL to dynamic rule for ASA 5505s

crypto map outside_map 65534 ipsec-isakmp dynamic dyn-remote

4. Configure Default Lan to Lan group with pre-shared-key

tunnel-group DefaultL2LGroup ipsec-attributes
 pre-shared-key <preshare key>

-----Original Message-----
From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of Christopher Copley
Sent: Thursday, April 29, 2010 1:31 PM
To: Cisco certification
Subject: ASA tunnel groups for L2L VPN

Is there any way to group more than 1 L2L VPN to 1 tunnel group? For
instance, I have 3 customers, and each customer has 15 L2L VPNs with the
same access policies to their specific VPNs. So I want 3 tunnel groups
that each support 15 L2L VPNs. Is this possible?

Chris
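An added example, not part of this thread: a small Python audit that parses an ASA config in the shape Joseph posted above and flags the two trade-offs he mentions, 3DES/MD5 versus AES/SHA and a pre-shared key on DefaultL2LGroup that every dynamic peer shares. The sample config (including a deliberately weak second policy and transform set) and its placeholder PSK are constructed here, not taken from the post.

```python
"""Audit an ASA IKEv1/IPsec config for the weak choices this thread discusses."""
# Constructed sample: the posted dynamic L2L config plus a weaker policy and transform set.
SAMPLE_CONFIG = """\
crypto isakmp policy 10
 authentication pre-share
 encryption aes
 hash sha
 group 2
crypto isakmp policy 20
 encryption 3des
 hash md5
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
tunnel-group DefaultL2LGroup ipsec-attributes
 pre-shared-key EXAMPLE-PSK-PLACEHOLDER
"""

WEAK_IKE_ENCRYPTION = {"des", "3des"}
WEAK_IKE_HASH = {"md5"}
WEAK_ESP_TRANSFORMS = {"esp-des", "esp-3des", "esp-md5-hmac"}

def parse_blocks(config):
    """Split a config into (command, [sub-commands]); ASA indents sub-commands one space."""
    blocks = []
    for raw in filter(str.strip, config.splitlines()):
        if raw[0].isspace() and blocks:
            blocks[-1][1].append(raw.strip())
        else:
            blocks.append((raw.strip(), []))
    return blocks

def audit(config):
    """Return (severity, message) findings in config order."""
    findings = []
    for cmd, subs in parse_blocks(config):
        words = cmd.split()
        if cmd.startswith("crypto isakmp policy"):
            settings = {s.split()[0]: s.split()[-1] for s in subs}  # e.g. {"hash": "md5"}
            for key, weak in (("encryption", WEAK_IKE_ENCRYPTION), ("hash", WEAK_IKE_HASH)):
                if settings.get(key) in weak:
                    findings.append(("high", f"{cmd}: {key} {settings[key]}"))
        elif cmd.startswith("crypto ipsec transform-set"):
            weak = sorted(set(words[4:]) & WEAK_ESP_TRANSFORMS)  # words[3] is the set name
            if weak:
                findings.append(("high", f"transform-set {words[3]}: {' '.join(weak)}"))
        elif cmd.startswith("tunnel-group DefaultL2LGroup") and any(
                s.startswith("pre-shared-key") for s in subs):
            findings.append(("medium", "DefaultL2LGroup: one PSK shared by every "
                             "dynamic peer; certificates authenticate each remote"))
    return findings
```

Run `audit(open("running-config.txt").read())` against a saved `show running-config` to get the same findings for a real device.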

Received on Thu Apr 29 2010 - 15:06:18 ART
