I have a question. Does anyone able to make this to work using SG solution?
I seem can't get the vpn to come up using SG solution. Got below error message on asa:
"[IKEv1]Group = 192.168.70.22, IP = 192.168.70.22, Can't find a valid tunnel group, aborting...!"
Note: I am using my own ip addressing scheme. 192.168.70.22 is asa's ikev1 interface;
To make it work, in addition to SG configs, I added below commands on R3
crypto isakmp peer address 192.168.70.12
set aggressive-mode password CISCO
set aggressive-mode client-endpoint fqdn R3.ine.com
Once configs are in place, vpn came up and working ok.
%ASA-7-713906: IP = 192.168.70.22, Connection landed on tunnel_group R3.ine.com
Is it a valid solution? It sounds like "aggressive-mode" need to be configured on both sides of devices, comment?