cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
132
Views
0
Helpful
0
Replies
Beginner

L2TP over IPSEC Passthrough - Issues

Hi all,

 

hope you can help me.

I've been hitting with my head trying to put a VPN L2TP with IPsec Policy to work but I haven't been able to.

Basically I have a Draytek router (LAN IP 10.14.99.99) connected to a Cisco Router via the Wan 1 port  (WAN IP 10.14.100.97) and the Cisco router having the IP 10.14.100.101. I have the Draytek working as a VPN Server and trough PPTP everything works fine.

Then I was requested to change the connection protocol from PPTP to L2TP over IPSEC. I configured the Draytek and when I tried to connect it wouldn't work. Then remembered that this protocol uses different ports. So I connected to the Cisco Router and executed some changes according to some topics I found in internet for the router to passtrough the VPN traffic but until the moment I haven't been able to put this VPN connection to work and honestly I don't know what to do anymore.

This is the configuration I have in the NAT and in the access lists: 

 

ip nat inside source list nat-list interface Dialer1 overload
ip nat inside source static tcp 10.14.100.97 1723 interface Dialer1 1723
ip nat inside source static esp 10.14.99.99 interface Dialer1
ip nat inside source static tcp 10.14.20.5 8443 interface Dialer1 443
ip nat inside source static tcp 10.14.20.7 22 interface Dialer1 22
ip nat inside source static udp 10.14.100.97 500 interface Dialer1 500
ip nat inside source static udp 10.14.100.97 4500 interface Dialer1 4500
ip route 0.0.0.0 0.0.0.0 Dialer1
ip route 10.14.0.0 255.255.0.0 GigabitEthernet0/0
!
ip access-list extended nat-list
permit ip object-group local_lan_subnets any
deny ip any any
permit esp any host 10.14.100.97
permit esp any host 10.14.99.99
permit udp any host 10.14.100.97 eq isakmp non500-isakmp

 

Can someone please shed some light over this? Is this configuration Ok?

My networking skills are limited and only recently started playing with Ciscos

 

 

Everyone's tags (1)