Hi everyone. I'm new to cisco and i was wondering if it's possible to connect a 1841 running IOS 12.4 to a mikrotik L2TP/IPSec server. The reason i do not wish to use Cisco as the server is because it is going to be used with a dynamic Public IP. TIA.
Solved! Go to Solution.
are the router accept the crypto command ? if it accept it and the virtual and pseudo is not accept then this limit in router plaftorm not in IOS image.
crypto is accept only by IOS image 9k (security advance)
Thanks. I'm trying for 2 days now to find a solution but i'm stuck at the first step, it seems that the following command is not available.
pseudowire-class L2TP_PW encapsulation l2tpv2 ip local interface FastEthernet0/1
Thanks for your effort!
cisco-1.HQ.domain.com#show running-config Building configuration... Current configuration : 1256 bytes ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption no service dhcp ! hostname cisco-1.HQ.domain.com ! boot-start-marker boot-end-marker ! logging count enable secret 5 xxxxxxxxxxxx. ! no aaa new-model ip cef ! ! no ip dhcp use vrf connected ip dhcp excluded-address 192.168.10.1 192.168.10.10 ! ip dhcp pool FA0/1 network 192.168.10.0 255.255.255.0 default-router 192.168.10.1 dns-server 213.7.231.xx ! ! ip domain name cisco-1.HQ.domain.com ! ! ! username xxxxxxxx password 0 xxxxxxxx ! ! ip ssh version 2 ! ! ! ! interface FastEthernet0/0 ip address dhcp ip nat outside ip virtual-reassembly duplex auto speed auto ! interface FastEthernet0/1 ip address 192.168.10.1 255.255.255.0 ip nat inside ip virtual-reassembly duplex auto speed auto ! interface Serial0/0/0 no ip address shutdown clock rate 2000000 ! ! ip http server no ip http secure-server ip nat inside source list 1 interface FastEthernet0/0 overload ! access-list 1 permit 192.168.10.0 0.0.0.255 snmp-server community xxxxxxx RO ! ! control-plane ! ! line con 0 line aux 0 line vty 0 4 login local transport input ssh ! scheduler allocate 20000 1000 end
interface FastEthernet0/1 description IP Publica ip address X.X.X.X X.X.X.X (Cisco's Public IP) load-interval 30 duplex auto speed auto ! interface Virtual-PPP1 description L2PT Tunnel ip address negotiated ip pim sparse-dense-mode ip igmp query-interval 125 load-interval 30 no cdp enable ppp chap hostname X.X.X.X (Username of L2TP) ppp chap password X.X.X:X (Password of L2TP) ppp ipcp address accept pseudowire X.X.X.X 1 pw-class L2TP_PW (MikroTik's Public IP)
try above config with pseudo-class,
NOTE:- please mention which command is not accept by router
Im stuck at creating a virtual ppp.
cisco-2.backup.ckrco(config)#interface Virtual-PPP1 ^ % Invalid input detected at '^' marker. cisco-2.backup.ckrco(config)#
p.s. this is a second cisco running the exact same conf (this is used for testing and then implementing to the first one).
the answer for your issue
The interface virtual-ppp and pseudoeire configuration requires the l2tpv3 pseudoeire-class feature, which is only available in the -entservicesk9-, -spservicesk9-, -advipservicesk9-, or -adventerprisek9- IOS feature sets. That's why you can't configure this in the -ipvoice_ivs- feature set as you have. You may want to upgrade the feature set and see if that helps.
for link sometimes cisco remove the doc. so the link will not available anymore
cisco-2.backup.domain.com#show version Cisco IOS Software, 1841 Software (C1841-ADVSECURITYK9-M), Version 12.4(16a), RELEASE SOFTWARE (fc2) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2007 by Cisco Systems, Inc. Compiled Mon 10-Sep-07 06:55 by prod_rel_team ROM: System Bootstrap, Version 12.4(13r)T, RELEASE SOFTWARE (fc1) cisco-2.backup.domain.com uptime is 54 minutes System returned to ROM by reload at 00:07:29 UTC Thu Jan 1 1970 System image file is "flash:c1841-advsecurityk9-mz.124-16a.bin" This product contains cryptographic features and is subject to United States and local country laws governing import, export, transfer and use. Delivery of Cisco cryptographic products does not imply third-party authority to import, export, distribute or use encryption. Importers, exporters, distributors and users are responsible for compliance with U.S. and local country laws. By using this product you agree to comply with applicable laws and regulations. If you are unable to comply with U.S. and local laws, return this product immediately. A summary of U.S. laws governing Cisco cryptographic products may be found at: http://www.cisco.com/wwl/export/crypto/tool/stqrg.html If you require further assistance please contact us by sending email to firstname.lastname@example.org. Cisco 1841 (revision 7.0) with 115712K/15360K bytes of memory. Processor board ID FCZ1141R2T9 2 FastEthernet interfaces 1 Virtual Private Network (VPN) Module DRAM configuration is 64 bits wide with parity disabled. 191K bytes of NVRAM. 31360K bytes of ATA CompactFlash (Read/Write) Configuration register is 0x2102