Hi all,

I am trying to lab up the "strip-group" functionality. strip-group strips the realm after the username and then sends the username alone for authentication. The part after @ is used for selecting the tunnel-group. With L2TP over IPSec on the ASA, we use strip-group to use a different tunnel group, as L2TP always lands on the default tunnel group.

Does strip-group work for IPSec RA? I tried to lab it up with the same logic. The VPN client is configured for group "king". Hence, when I enter the username "ci...@kings" on the VPN client, which is configured with the group name "king", I thought it would initially land on tunnel-group "king" and then be switched over to tunnel-group "kings". But it didn't work :-( I just tried it; I am not sure if that was the correct way. Can someone explain how strip-group works in the case of IPSec RA?

As per http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/l2tp_ips.html, the str

asa2(config)# sh run tunnel-group
tunnel-group king type remote-access
tunnel-group king general-attributes
 address-pool addr2
 strip-group
tunnel-group king ipsec-attributes
 pre-shared-key *
tunnel-group kings type remote-access
tunnel-group kings general-attributes
 default-group-policy king
tunnel-group kings ipsec-attributes
 pre-shared-key *

With regards,
Kings
