Watch the case

I ran into a problem today rearding ASA configuration

There are 2 builtin VPN groups in the ASA: DefaultRAGroup and DefautlL2LGroup.

You can from the cli delete these but the will not disapear – they will only become invisible. This means that an incoming tunnel will still try to connect to the tunnelgroups. First to DefaultRAGroup and then to DefautlL2LGroup.

When I tried to “recreate” DefautlL2LGroup and set a pre-shared key I misspelled the groupname so it became DefaultL2Lgroup (note the g instead of G in Group). This meant that I had two groups: one called DefaultL2Lgroup with the correct psk and one called DefautlL2LGroup which was invisible.

It took some time before one of my collegues found this.

Leave a Reply