08-24-2017 01:41 AM - edited 03-12-2019 04:29 AM
Please provide a configuration example for the 4321 router to act as VPDN server L2TP protocol for windows 7/10 L2TP clients
Thank you,
08-24-2017 01:09 PM
I'm not sure that's a common configuration. Why not try FlexVPN? It should be supported on the ISR 4321 router and Windows 7 clients.
This post here is a good example of a FlexVPN remote access confguration
08-25-2017 01:25 AM
Thank you RJI,
Actually I have tried PPTP protocol. Windows clients logon but cannot access internal VLAN not even ping the internal router IP. Any ideas? Below my configuration
Router#sh run
Building configuration...
Current configuration : 2091 bytes
!
! Last configuration change at 08:03:47 UTC Fri Aug 25 2017
!
version 15.5
service config
service timestamps debug datetime msec
service timestamps log datetime msec
no platform punt-keepalive disable-kernel-core
!
hostname Stef4321
!
boot-start-marker
boot-end-marker
!
vrf definition Mgmt-intf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
no aaa new-model
!
subscriber templating
multilink bundle-name authenticated
vpdn enable
!
vpdn-group 1
! Default L2TP VPDN group
! Default PPTP VPDN group
accept-dialin
protocol any
virtual-template 1
l2tp tunnel timeout no-session 15
ip mtu adjust
!
license udi pid ISR4321/K9 sn FDO2130034N
!
spanning-tree extend system-id
!
username cisco password 0 cisco
username xxxxx password 0 cisco
!
redundancy
mode none
!
vlan internal allocation policy ascending
!
interface GigabitEthernet0/0/0
ip address 192.168.10.154 255.255.255.0
ip nat outside
negotiation auto
ip virtual-reassembly
!
interface GigabitEthernet0/0/1
no ip address
negotiation auto
!
interface GigabitEthernet0/1/0
!
interface GigabitEthernet0/1/1
!
interface GigabitEthernet0/1/2
!
interface GigabitEthernet0/1/3
!
interface GigabitEthernet0
vrf forwarding Mgmt-intf
no ip address
negotiation auto
!
interface Virtual-Template1
ip unnumbered GigabitEthernet0/0/0
ip nat inside
ip tcp adjust-mss 1400
peer default ip address pool vpn1
no keepalive
ppp authentication pap chap ms-chap ms-chap-v2 eap
ip virtual-reassembly
!
interface Vlan1
ip address 10.10.0.1 255.255.0.0
ip nat inside
ip virtual-reassembly
!
ip local pool vpn1 10.10.0.100 10.10.0.105
ip nat inside source list 1 interface GigabitEthernet0/0/0 overload
ip forward-protocol nd
no ip http server
no ip http secure-server
ip tftp source-interface GigabitEthernet0/0/0
ip route 0.0.0.0 0.0.0.0 192.168.10.254
!
access-list 1 permit 10.10.0.0 0.0.255.255
!
control-plane
!
line con 0
stopbits 1
line aux 0
stopbits 1
line vty 0 4
password cisco
login
!
end
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide