02-28-2023 03:21 AM
Hi
Hoping someone can help.
I have an ISR 1100 and would like to connect it as an L2TP client with no IPSEC no encryption. I have seen various posts but most are for IKE/IPSEC.
I'm struggling to configure the tunnel in terminal, some of the examples I have seen suggest using virtual-ppp but when I try to enter the menu I get "invalid input detected"
I don't need it to route traffic over the L2TP, this is purely for testing that the router can authenticate with the LNS.
Any help is appreciated, the tunnel config is as follows:
username: test
password: test
IP address of LNS: 10.20.1.2
CHAP or PAP
Thank you
02-28-2023 03:27 AM
virtual-ppp is for multilink PPP
here you have l2tp so you need virtual-template not virtual-ppp
02-28-2023 03:32 AM
Hi
Thanks for your message, I noticed there are PPP options under the Virtual-Template option so I added the UN and PWD there but cannot work out where I put the IP address? I have searched for an example but I cannot find one.
Any help is appreciated!
Thank you
02-28-2023 07:06 AM
Hi
I have successfully built the L2TP client on a mikrotik router and works fine. I'm a bit disappointed that Cisco doesn't support l2tp without ipsec. Or at least no one I've spoken to on the forum or outside of it knows how to configure it. I honestly thought that Cisco would support such a simple tunnel protocol like l2tp. Looks like we will be using mikrotik then.
Thanks anyway
02-28-2023 04:20 AM
Configuring Layer 2 Tunneling Protocol (L2TP) over IPSec - Cisco
check this example
02-28-2023 04:22 AM
Hi
I have seen the example already but that is for IKE and I am just after no IKE no IPSEC no Crypto just a simple L2TP tunnel. I'm beginning to wonder if it is even possible in Cisco
Thanks
02-28-2023 07:28 AM
crypto map l2tpmap
Use the same config, just remove the config of IPsec.
That's it.
02-28-2023 02:16 PM
Hi
I thought that's what I had done, maybe I have set it up wrong:
Current configuration : 1385 bytes
!
upgrade fpd auto
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
enable secret 5 $1$/7mK$LNkfrxiV8osESh.zVmB5x0
!
no aaa new-model
ip source-route
ip cef
!
!
!
!
no ipv6 cef
!
multilink bundle-name authenticated
vpdn enable
!
vpdn-group 1
request-dialout
protocol l2tp
initiate-to ip 10.20.1.2
source-ip 192.168.0.75
local name test
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
username admin privilege 15 secret 5 $1$l0w2$36PMwNPqpshleIgGqYJOT.
username test password 0 test1234
archive
log config
hidekeys
!
!
!
!
!
!
!
!
!
interface GigabitEthernet0/0
no ip address
shutdown
duplex auto
speed auto
media-type rj45
no negotiation auto
!
interface GigabitEthernet0/1
ip dhcp client hostname CISCO
ip address dhcp
duplex auto
speed auto
media-type rj45
no negotiation auto
!
interface GigabitEthernet0/2
no ip address
shutdown
duplex auto
speed auto
media-type rj45
no negotiation auto
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
!
access-list 101 permit udp host 192.168.0.75 eq 1701 host 10.20.1.2 eq 1701
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
gatekeeper
shutdown
!
!
line con 0
stopbits 1
line aux 0
stopbits 1
line vty 0 4
login local
transport input telnet
!
end
Thanks
03-01-2023 08:20 AM
Hi
I have spent all day on Fiverr, had 5 people give me 5 answers how this is done, and yet none of them work. Please can someone confirm if Cisco supports L2TP?
Up to now no one has managed to supply an answer or working config so I am considering alternative vendors as Cisco cannot support L2TP then I am massively disappointed. 3 people all with acronyms like CCNA after their names cannot make a L2TP binding but they did offer to do various courses for me which was nice but not necessary.
What a disappointment, everyone tells me how good Cisco is but with a 6 figure budget to spend I don't think I'll waste our money.
03-01-2023 01:29 PM
Hi friend,
First, keep cool.
Now,
the ISR router uses VPDN and builds L2TP between LAC and LNS in two cases:
1- it has a PPPoE client
2- it has a dialup client
The example I shared before is a dialup client, which forces the LAC to build L2TP to the LNS.
NOW
if the LAC doesn't have any, then you don't need VPDN; instead it can use L2TPv3.
I cannot run dialup in the lab, but I can easily run PPPoE with L2TP:
- LNS L2TP termination of PPPoE sessions with FreeRADIUS 2 (53bits.co.uk)
So what does your ISR router represent, LAC or LNS?
03-01-2023 02:04 PM
Hi
Thanks for your message but there is no LAC. There is no PPPoE.
This is really basic. It is simply an L2TP tunnel with the Cisco configured as a L2TP client. This is not a broadband ISP network, it is not an XDSL network. It is simple, very very simple L2TP client binding. So simple it works with 1 command in Mikrotik:
/interface l2tp-client
add connect-to=10.20.1.2 name=l2tp-out1 password=test1234 user=test
Hence, I will buy Mikrotik because Cisco cannot do this 1 simple job.
Thanks
03-01-2023 02:14 PM
OK, now we have both reached the same point: you run the router as an L2TP client?
What is the L2TP server?
03-01-2023 02:26 PM
Hi
The LNS or L2TP server is Mikrotik. I have confirmed this is working correctly, if I use the Mikrotik command above on a Mikrotik Client router it connects instantly.
The problem is with Cisco or the config. I have sniffed every packet leaving the Cisco it never tries to connect to the LNS. Not 1 packet has ever left the router on port 1701 or any packet destined for 10.20.1.2 or any packet UDP I have sniffed and Wiresharked that port. It does nothing to even attempt to connect with the Cisco configuration I pasted a few messages back. So that would point to a bad config.
Everyone keeps mentioning LAC and PPPoE and don't seem to realise that L2TP is also used outside of Broadband networks like for VPNs which makes me think the Cisco is not capable of doing it. Maybe Cisco can only act as either LAC or LNS but not a simple L2TP client. That's fine, if I know that I can bin the Cisco and buy Mikrotik to replace it.
Thanks
03-01-2023 02:41 PM
just finally try the config below and check again.
03-01-2023 02:22 PM
interface FastEthernet0/0
ip address x.x.x.x
!
! Define the pseudowire class that will speak L2TP and the source interface.
!
pseudowire-class L2TP_PW
encapsulation l2tpv2
ip local interface FastEthernet0/0
!
! Create Virtual-PPP interface to bind the pseudowire class to.
!
interface Virtual-PPP1
description L2TP Tunnel
ip address negotiated
ppp chap hostname *User Name*
ppp chap password *Password*
ppp ipcp address accept
pseudowire <serverIP> 1 pw-class L2TP_PW
That's it, I think.
And the above is not VPDN; it is simply L2TPv3, making the router run as an L2TP client.
Try the config above and check.
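An added example, not written by anyone in the thread: a small Python check that reads an IOS config, confirms the pseudowire-class and Virtual-PPP pieces from the last reply are present and consistent, and flags the type 0 password and Telnet management visible in the pasted config. The function names, finding codes and both sample configs are constructed for illustration, and the parser assumes sub-commands keep IOS's usual leading-space indentation.

```python
import re

def parse_blocks(cfg):
    """Map each top-level IOS command to its indented sub-commands."""
    blocks, current = {}, None
    for line in cfg.splitlines():
        if not line.strip() or line.lstrip().startswith("!"):
            continue
        if not line.startswith(" "):
            current = line.strip()
            blocks[current] = []
        elif current:
            blocks[current].append(line.strip())
    return blocks

def audit(cfg):
    """Return (code, detail) findings for an L2TPv2 client config."""
    b, out = parse_blocks(cfg), []
    classes = {h.split()[1]: s for h, s in b.items() if h.startswith("pseudowire-class ")}
    vppp = {h: s for h, s in b.items() if h.lower().startswith("interface virtual-ppp")}
    if not vppp:
        out.append(("NO_VIRTUAL_PPP", "no interface binds a pseudowire"))
    for hdr, subs in vppp.items():
        hits = (re.match(r"pseudowire \S+ \d+ pw-class (\S+)", s) for s in subs)
        refs = [m.group(1) for m in hits if m]
        if not refs:
            out.append(("NO_PSEUDOWIRE", hdr))
        for name in refs:
            if name not in classes:
                out.append(("UNDEFINED_PW_CLASS", name))
            elif "encapsulation l2tpv2" not in classes[name]:
                out.append(("NOT_L2TPV2", name))
    # Credential handling seen in the pasted config: type 0 passwords, Telnet.
    out += [("TYPE0_PASSWORD", h.split()[1]) for h in b if re.match(r"username \S+ password 0 ", h)]
    for h, subs in b.items():
        if h.startswith("line vty") and any(re.match(r"transport input .*\btelnet\b", s) for s in subs):
            out.append(("TELNET_MGMT", h))
    return out

# Constructed samples (not device output): the first mirrors the dial-out
# attempt in the thread, the second the pseudowire layout from the last reply.
VPDN_ATTEMPT = ("vpdn enable\nvpdn-group 1\n request-dialout\n  protocol l2tp\n"
                " initiate-to ip 10.20.1.2\nusername test password 0 test1234\n"
                "line vty 0 4\n login local\n transport input telnet\n")
PW_CLIENT = ("pseudowire-class L2TP_PW\n encapsulation l2tpv2\n"
             " ip local interface GigabitEthernet0/1\ninterface Virtual-PPP1\n"
             " ip address negotiated\n ppp chap hostname test\n"
             " pseudowire 10.20.1.2 1 pw-class L2TP_PW\n")
print(audit(VPDN_ATTEMPT), audit(PW_CLIENT))
```
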