Showing results for 
Search instead for 
Did you mean: 

Cisco 1841 (IOS 12.4) as client to Mikrotik L2TP/IPSec Server


Hi everyone. I'm new to cisco and i was wondering if it's possible to connect a 1841 running IOS 12.4 to a mikrotik L2TP/IPSec server. The reason i do not wish to use Cisco as the server is because it is going to be used with a dynamic Public IP. TIA.

1 Accepted Solution

Accepted Solutions

are the router accept the crypto command ? if it accept it and the virtual and pseudo is not accept then this limit in router plaftorm not in IOS image. 
crypto is accept only by IOS image 9k (security advance)

View solution in original post

24 Replies 24

MHM Cisco World
VIP Mentor VIP Mentor
VIP Mentor

try the config in link above to config router as l2tp client 

Thanks. I'm trying for 2 days now to find a solution but i'm stuck at the first step, it seems that the following command is not available.


pseudowire-class L2TP_PW
 encapsulation l2tpv2
 ip local interface FastEthernet0/1


share the config you use 


Thanks for your effort! running-config
Building configuration...

Current configuration : 1256 bytes
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
no service dhcp
logging count
enable secret 5 xxxxxxxxxxxx.
no aaa new-model
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address
ip dhcp pool FA0/1
   dns-server 213.7.231.xx
ip domain name
username xxxxxxxx password 0 xxxxxxxx
ip ssh version 2
interface FastEthernet0/0
 ip address dhcp
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
interface FastEthernet0/1
 ip address
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
interface Serial0/0/0
 no ip address
 clock rate 2000000
ip http server
no ip http secure-server
ip nat inside source list 1 interface FastEthernet0/0 overload
access-list 1 permit
snmp-server community xxxxxxx RO
line con 0
line aux 0
line vty 0 4
 login local
 transport input ssh
scheduler allocate 20000 1000

interface FastEthernet0/1
 description IP Publica
 ip address X.X.X.X X.X.X.X (Cisco's Public IP)
 load-interval 30
 duplex auto
 speed auto
interface Virtual-PPP1
 description L2PT Tunnel
 ip address negotiated
 ip pim sparse-dense-mode
 ip igmp query-interval 125
 load-interval 30
 no cdp enable
 ppp chap hostname X.X.X.X (Username of L2TP)
 ppp chap password X.X.X:X (Password of L2TP)
 ppp ipcp address accept
 pseudowire X.X.X.X 1 pw-class L2TP_PW (MikroTik's Public IP)

 try above config with pseudo-class,
NOTE:- please mention which command is not accept by router 

Im stuck at creating a virtual ppp.



cisco-2.backup.ckrco(config)#interface Virtual-PPP1
% Invalid input detected at '^' marker.



p.s. this is a second cisco running the exact same conf (this is used for testing and then implementing to the first one).


When i open the link ( as stated in the solution reply, i get "access denied".

the answer for your issue 
The interface virtual-ppp and pseudoeire configuration requires the l2tpv3 pseudoeire-class feature, which is only available in the -entservicesk9-, -spservicesk9-, -advipservicesk9-, or -adventerprisek9- IOS feature sets. That's why you can't configure this in the -ipvoice_ivs- feature set as you have. You may want to upgrade the feature set and see if that helps.

for link sometimes cisco remove the doc. so the link will not available anymore 

Sorry, not sure i understand what i need to do. Do i need to upgrade the IOS or buy a new license?

upgrade to 9K IOS image 

You mean i need a new router?

show version <<- share this version
Cisco IOS Software, 1841 Software (C1841-ADVSECURITYK9-M), Version 12.4(16a), RELEASE SOFTWARE (fc2)
Technical Support:
Copyright (c) 1986-2007 by Cisco Systems, Inc.
Compiled Mon 10-Sep-07 06:55 by prod_rel_team

ROM: System Bootstrap, Version 12.4(13r)T, RELEASE SOFTWARE (fc1) uptime is 54 minutes
System returned to ROM by reload at 00:07:29 UTC Thu Jan 1 1970
System image file is "flash:c1841-advsecurityk9-mz.124-16a.bin"

This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:

If you require further assistance please contact us by sending email to

Cisco 1841 (revision 7.0) with 115712K/15360K bytes of memory.
Processor board ID FCZ1141R2T9
2 FastEthernet interfaces
1 Virtual Private Network (VPN) Module
DRAM configuration is 64 bits wide with parity disabled.
191K bytes of NVRAM.
31360K bytes of ATA CompactFlash (Read/Write)

Configuration register is 0x2102


Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers