KB ID 0001423
Problem
You will see this error if you are pasting configuration into a Cisco firewall. This week I was manually converting an old 8.2 version firewalls configuration, to run on a modern (version 9) firewall, when I saw this;
[box]
Petes-ASA(config)# username fred.bloggs attributes Petes-ASA(config-username)# group-lock value SOME-VALUE WARNING: tunnel-group SOME-VALUE does not exist
[/box]
Solution
The reason you are seeing this error is because you are working your way through the config, (from top to bottom), and you have just told the firewall to use a tunnel-group, and that tunnel group is further down in the config, so you have not created it yet on the target firewall!
For the uninitiated: A group-lock is used to define different tunnel-groups for different users.
So on the source configuration, locate the appropriate tunnel-group and put that in first, then retry;
[box]
Petes-ASA(config-username)# tunnel-group SOME-VALUE type remote-access Petes-ASA(config)# tunnel-group SOME-VALUE general-attributes Petes-ASA(config-tunnel-general)# address-pool VPN-POOL Petes-ASA(config-tunnel-general)# default-group-policy SOME-VALUE-POLICY Then try again! Petes-ASA(config-tunnel-general)# username fred.bloggs attributes Petes-ASA(config-username)# group-lock value SOME-VALUE
[/box]
Related Articles, References, Credits, or External Links
NA