Cisco ASA 5512-X Adaptive Security Appliance Troubleshooting Guide

Solution: How to Make Dynamic L2L Tunnels Fall into Different Tunnel Groups
Document ID: 113573
Contributed by Jose Medina, Cisco TAC Engineer.
Jun 28, 2012
Contents
Introduction
 Prerequisites
      Requirements
      Components Used
      Conventions
 Symptom
 Cause / Problem Description
 Conditions / Environment
 Resolution
 Related Information
Introduction
This document provides information on how to make dynamic L2L tunnels fall into different tunnel groups.
Prerequisites
Requirements
There are no specific requirements for this document.
Components Used
This document is not restricted to specific software and hardware versions.
Conventions
Refer to Cisco Technical Tips Conventions for more information on document conventions.
Symptom
In this document's example, the network administrator needs to create VPN policies where different remote
VPN spokes connecting to a hub should connect to separate Tunnel-Groups so that different VPN policies
can be applied to each remote connection.
Cause / Problem Description
In dynamic L2L tunnels, one side of the tunnel (the initiator) has a dynamic IP address. Because the receiver
does not know which IP addresses the peers are coming from, unlike with static L2L tunnels, different peers
automatically fall into the Default L2L Group. However, in some situations this is not acceptable and the user
might need to assign a different group-policy or pre-shared key to each peer.