Cisco ASA Site-to-Site IKEv1 IPsec VPN

Hello Nguyen

When configuring IPsec, the tunnel-group command is used to configure what is called “the database of connection-specific records”. This database contains tunnel-specific information that is necessary to establish and maintain the tunnel. As shown in the lesson, this information includes the type of tunnel being created. In the lesson, this is a LAN-to-LAN tunnel, but you can also have a remote access type.

Once the tunnel group is created, you can then change various attributes using one or more of the following commands:

  • tunnel-group general-attributes
  • tunnel-group ipsec-attributes
  • tunnel-group webvpn-attributes
  • tunnel-group ppp-attributes

In the lesson, the ipsec-attributes keyword is used. This configuration mode allows us to configure the IKE attributes such as the preshared key for the tunnel.

More information about the tunnel-group command for the ASA can be found at the following Cisco command reference:

I hope this has been helpful!

Laz
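
As an added example (not part of the reply above or of the lesson), this sketch rebuilds the per-tunnel-group records from a running-config and lists LAN-to-LAN groups that have no IKEv1 pre-shared key under `ipsec-attributes`. The sample config, peer addresses, group names and function names are constructed for illustration.

```python
import re

# Constructed sample in the style of an ASA running-config (not from the lesson).
SAMPLE_CONFIG = """\
tunnel-group 10.10.10.2 type ipsec-l2l
tunnel-group 10.10.10.2 ipsec-attributes
 ikev1 pre-shared-key *****
tunnel-group 192.0.2.50 type ipsec-l2l
tunnel-group RA-USERS type remote-access
tunnel-group RA-USERS general-attributes
 address-pool VPN_POOL
"""

# Matches "tunnel-group <name> type <type>" or "tunnel-group <name> <x>-attributes".
HEADER = re.compile(r"^tunnel-group (\S+) (type \S+|\S+-attributes)$")

def parse_tunnel_groups(config):
    """Return {name: {"type": str or None, "attributes": {mode: [lines]}}}."""
    groups, current = {}, None
    for line in config.splitlines():
        m = HEADER.match(line)
        if m:
            name, rest = m.groups()
            record = groups.setdefault(name, {"type": None, "attributes": {}})
            if rest.startswith("type "):
                record["type"] = rest.split()[1]
                current = None
            else:
                # Entering an attributes sub-mode; indented lines belong to it.
                current = record["attributes"].setdefault(rest, [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None
    return groups

def l2l_without_psk(groups):
    """Names of LAN-to-LAN groups with no ikev1 pre-shared-key configured."""
    missing = []
    for name, record in groups.items():
        if record["type"] != "ipsec-l2l":
            continue
        ipsec = record["attributes"].get("ipsec-attributes", [])
        if not any(l.startswith("ikev1 pre-shared-key ") for l in ipsec):
            missing.append(name)
    return missing

if __name__ == "__main__":
    groups = parse_tunnel_groups(SAMPLE_CONFIG)
    for name, record in groups.items():
        print(name, record["type"], sorted(record["attributes"]))
    print("L2L groups missing a pre-shared key:", l2l_without_psk(groups))
```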