We're Sorry, Full Content Access is for Members Only...

If you like to keep on reading, Become a Member Now! Here is why:

  • Learn any CCNA, CCNP and CCIE R&S Topic. Explained As Simple As Possible.
  • Try for Just $1. The Best Dollar You've Ever Spent on Your Cisco Career!
  • Full Access to our 641 Lessons. More Lessons Added Every Week!
  • Content created by Rene Molenaar (CCIE #41726)

450 Sign Ups in the last 30 days

100% Satisfaction Guaranteed!
You may cancel your monthly membership at any time.
No Questions Asked!

Tags: ,

Forum Replies

  1. Hi Rene,

    If i want to create another connection profile , do i need to create another policy in ipsec phase 1 (
    crypto ikev1 policy 10)

    Or is it one time configuration ,( Ipsec phase 1 and Phase 2 ) .
    How to remove the tunnel group and group policy from command line


  2. Hi Amit,

    Yes you can, you’ll need to create an additional policy group and tunnel group for this. Here’s a quick example:

    group-policy VIRL_VPN internal
    group-policy VIRL_VPN attributes
     vpn-filter value VIRL
     split-tunnel-policy tunnelspecified
     split-tunnel-network-list value VIRL_SPLIT_TUNNEL
    access-list VIRL_SPLIT_TUNNEL standard permit
    access-list VIRL extended permit tcp any object VIRL object-group VIRL_PORTS 
    access-list VIRL extended permit tcp any object VIRL2 object-group VIRL_PORTS
    tunnel-group VIRL_TUNNEL type remote-ac
    ... Continue reading in our forum

  3. Hi Rene,

    I have private ip address in the outside interface connected the ISP, and DMZ interface have public IP for diferent service. then the question is:

    Can do I use a IP public address from my pool of DMZ for get up my VPN remote access?

    how do I make this ?

    best regards

  4. Hi @sclarke1210,

    You won’t see a tunnel interface directly. If you want to verify that a user has connected and see the IP address that was assigned from the VPN pool, it’s best to use these two commands:

    ASA# show crypto ikev1 sa
    IKEv1 SAs:
       Active SA: 1
        Rekey SA: 0 (A tunnel will report 1 Active and 1 Rekey SA during rekey)
    Total IKE SA: 1
    2   IKE Peer:
        Type    : user            Role    : responder 
        Rekey   : no              State   : AM_ACTIVE 

    Above you can see that a user has connected. The IP addresses you can see below:

    ... Continue reading in our forum

29 more replies! Ask a question or join the discussion by visiting our Community Forum