Is the strip group configured under the default tunnel group as well?

Thanks and regards

Yogesh Gawankar


--- On Thu, 9/9/10, Vybhav Ramachandran <[email protected]> wrote:


From: Vybhav Ramachandran <[email protected]>
Subject: Re: [OSL | CCIE_Security] Address Pool
To: "Yogesh Gawankar" <[email protected]>, "OSL Security" 
<[email protected]>
Date: Thursday, September 9, 2010, 6:34 PM


Hello Yogesh,


I tried looking at the debugs for a simple example. I created 2 tunnel groups,
DefaultRAGroup (internal, by default) and VPN_TUNNEL. They both have
identical configurations and they both point to the same group-policy. Now, I
used local authentication and I created a user:


username vybhav password cisco mschap priv 15


I included the "strip-group" keyword under both the DefaultRAGroup and the
VPN_TUNNEL tunnel-groups. Now when I connect, here's what happens.


1) When I connect using "vybhav", the DefaultRAGroup is selected and the L2TP
over IPSec tunnel comes up.
2) If I connect using "vyb...@vpn_tunnel", it still lands on the DefaultRAGroup
and instead of stripping the group-name off the username, it tries to find a
user with a username of "vyb...@vpn_tunnel". This was not what I had expected.


Maybe I'm misunderstanding this concept of group-stripping? As per my tests, I
cannot connect to any other tunnel-group other than the inbuilt default
"DefaultRAGroup" tunnel-group when using L2TP in IPSec.


Can anyone shed any light on this?

Cheers,
TacACK


      