Tacack, does this answer your question Snippet from http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/vpngrp.html
The *strip-group command*, for tunnel group switching, does not work when MS-CHAPv2 is used for PPP authentication. This is due to a limitation on MS-CHAPv2 protocol. That is due to the hash computation during MS-CHAPv2 being bound to the *username* string. With regards Kings On Wed, Sep 22, 2010 at 8:54 PM, Vybhav Ramachandran <[email protected]>wrote: > Hello Kings, > > You're right about the ASA supporting only L2TP over IPSec and not native > L2TP. > > You're right about the fact that, if we connect to the ASA using just a > "username" without the @, then it will land on the DefaultRAGroup , which is > of type "remote-access". > > Regarding the "strip-group" option, i tried that and it did'nt work for me. > No matter what i tried, i was unable to get the L2TP over IPSec connection > to land on a custom tunnel-group. The only way it worked was using the > "DefaultRAGroup" > > Has anyone had any luck on this? > > Cheers, > TacACK >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
