Android smartphone L2TP IPSEC vpn on IOS

choclateer · ‎12-30-2012

Does anybody have a good vpn config for a router to allow vpn connections from Android phones using L2TP-IPSEC? Router is an 1841 running most current IOS ver 15.1

choclateer · ‎12-31-2012

Cisco TAC helped us, here are the relevant parts:

!

vpdn enable

vpdn multihop

vpdn history failure table-size 50

!

vpdn-group 1

accept-dialin

protocol l2tp

virtual-template 2

source-ip x.x.x.x

lcp renegotiation always

l2tp tunnel hello 15

no l2tp tunnel authentication

l2tp tunnel timeout no-session 5000

l2tp tunnel framing capabilities all

l2tp tunnel bearer capabilities all

l2tp ip udp checksum

ip pmtu

ip mtu adjust

!

crypto keyring l2tp

pre-shared-key address 0.0.0.0 0.0.0.0 key yyyyyyyy

!

crypto isakmp policy 1

encr 3des

authentication pre-share

group 2

!

crypto isakmp profile l2tp

keyring l2tp

match identity address 0.0.0.0

!

crypto ipsec transform-set phone-trans esp-3des esp-sha-hmac

mode transport

!

crypto dynamic-map SDM_DYNMAP_1 1

set transform-set ESP-3DES-SHA

set isakmp-profile VPN_clients

reverse-route

crypto dynamic-map SDM_DYNMAP_1 2

set transform-set phone-trans

set isakmp-profile l2tp

!

crypto map SDM_CMAP_1 65535 ipsec-isakmp dynamic SDM_DYNMAP_1

!

interface FastEthernet0/0

description OUTSIDE$$ETH-LAN$

ip address x.x.x.x 255.255.255.0

...

crypto map SDM_CMAP_1

!

interface Virtual-Template2

ip unnumbered FastEthernet0/1

no ip redirects

no ip unreachables

no ip proxy-arp

ip virtual-reassembly in

ip verify unicast source reachable-via rx

ip tcp header-compression

peer default ip address pool SDM_POOL_1

ntp disable

keepalive 5 2

ppp mtu adaptive

ppp authentication pap ms-chap ms-chap-v2 chap

ppp ipcp header-compression ack

ppp ipcp address required

ppp ipcp address unique

no clns route-cache

!

ip local pool SDM_POOL_1 192.168.1.201 192.168.1.211