07-08-2002 07:35 AM - edited 02-21-2020 11:54 AM
Hi, I'm new to VPNs, and before trying to use L2TP over IPsec, I'm trying to configure L2TP as a voluntary tunnel from a Cisco router to a Windows XP client.
1) Is it possible to configure L2TP with Windows XP?
2) Does someone have a configuration sample to share, or maybe can you correct my configuration?
Thanks in advance
cisco Router---------------------------Internet---------------------Windows Xp
¦
¦
¦
¦
Corporate LAN
Cisco 3640 sample configuration
version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service linenumber
service udp-small-servers
service tcp-small-servers
!
hostname DGE_Router
!
username XP password 0 treste
vpdn enable
!
vpdn-group 1
accept-dialin
protocol l2tp
virtual-template 1
no l2tp tunnel authentication
!!
interface Loopback0
ip address 195.65.51.81 255.255.255.240
!
interface Ethernet0/0
description LAN preparation client MBNET
ip address 172.20.172.2 255.255.0.0
ip nat inside
half-duplex
ipx encapsulation SAP
ipx network 172
no cdp enable
!
interface Serial0/0
description DGE-DVD rented line
ip address 10.200.4.1 255.255.0.0
ip pim dense-mode
ipx network 10000200
no cdp enable
!
interface Ethernet0/1
description DGE Backbone
ip address 10.10.172.1 255.255.0.0
ip accounting output-packets
ip nat inside
ip pim dense-mode
full-duplex
ipx encapsulation SAP
ipx network 17200010
!
interface Ethernet1/0
description EXPO network
ip address 10.11.172.1 255.255.0.0
ip nat inside
ip pim dense-mode
half-duplex
!
interface Serial1/0
description Permanent Internet access to Swisscom IP-PLUS
ip address 154.168.84.150 255.255.255.252
ip access-group IAIN in
ip access-group IAOUT out
ip nat outside
no cdp enable
!
interface Ethernet1/1
ip address 175.85.21.65 255.255.255.240
ip nat outside
half-duplex
!
interface BRI2/0
no ip address
shutdown
isdn switch-type basic-net3
no fair-queue
no cdp enable
!
interface BRI2/1
description access inside DSA's network from outside
ip address 172.16.172.10 255.255.255.0
ip nat inside
encapsulation ppp
no ip mroute-cache
dialer idle-timeout 180
dialer-group 5
ipx network 7
isdn switch-type basic-net3
isdn caller 0228231237
isdn caller 0232570864
isdn answer1 4531
compress mppc
no cdp enable
ppp authentication chap ms-chap pap callin
ppp ipcp dns 10.10.172.2
ppp multilink
!
interface Virtual-Template1
ip unnumbered BRI2/1
ppp authentication chap
!
ip route 0.0.0.0 0.0.0.0 Serial1/0
ip route 10.172.0.0 255.255.0.0 Serial0/0
ip route 10.182.0.0 255.255.0.0 Serial0/0
ip route 172.201.6.0 255.255.255.0 Serial0/0
!
ip access-list extended DSARAIN
permit ip any any
ip access-list extended IAIN
remark Control Access from Internet (input)
permit icmp any host 164.128.74.150
permit icmp any any echo-reply
permit icmp any any ttl-exceeded
permit icmp any any host-unreachable
permit icmp any any host-unknown
permit icmp any any time-exceeded
permit udp any any eq ntp log
permit tcp any host 195.95.41.95 eq smtp
permit tcp any host 195.95.41.95 eq pop3
permit tcp any host 195.95.41.95 eq 143
permit tcp any host 195.95.41.90 eq www
permit tcp any host 195.95.41.90 eq smtp
permit tcp any host 195.95.41.90 eq 465
permit tcp any host 195.95.41.90 eq pop3
deny ip any any log
ip access-list extended IAOUT
permit tcp any any eq 636
permit tcp any any eq ftp
permit tcp any any eq nntp
permit tcp any any eq smtp
permit tcp any any eq pop3
permit tcp any any eq 143
permit tcp any any eq ftp-data
permit tcp any any eq 8008
permit tcp any any eq 8009
permit tcp any any eq 8080
permit udp any eq ntp any log
permit udp any any eq domain log
deny ip any any log
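A small audit of the configuration posted above, as an added example that is not part of the original post or of any Cisco tool. It flags the cleartext `password 0` user, the small-servers services, the disabled L2TP tunnel authentication, and the missing permit for UDP 1701 (the L2TP port) in the inbound ACL `IAIN` on Serial1/0. The function names and finding labels are invented for this example.

```python
import re

# Abridged from the configuration in the post (only the lines the checks read).
CONFIG = """\
service udp-small-servers
service tcp-small-servers
username XP password 0 treste
!
vpdn-group 1
protocol l2tp
no l2tp tunnel authentication
!
interface Serial1/0
ip access-group IAIN in
ip nat outside
!
ip access-list extended IAIN
permit udp any any eq ntp log
deny ip any any log
"""
HEADERS = ("interface ", "ip access-list ", "vpdn-group ")

def sections(text):
    """Group lines under their section header; '!' or a new header closes a section."""
    out, cur = {"global": []}, "global"
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith("!"):
            cur = "global"
        elif line.startswith(HEADERS):
            out[(cur := line)] = []
        else:
            out[cur].append(line)
    return out

def audit(text):
    s, found = sections(text), []
    if any(re.match(r"username \S+ password 0 ", l) for l in s["global"]):
        found.append("cleartext-password")        # type 0 = stored unencrypted
    if any(re.fullmatch(r"service (udp|tcp)-small-servers", l) for l in s["global"]):
        found.append("small-servers")             # echo/chargen/discard/daytime exposed
    for name, body in s.items():
        if name.startswith("vpdn-group") and "no l2tp tunnel authentication" in body:
            found.append("l2tp-tunnel-auth-off")  # only PPP auth protects the session
        acl = next((l.split()[2] for l in body if re.fullmatch(r"ip access-group \S+ in", l)), None)
        if name.startswith("interface") and "ip nat outside" in body and acl:
            rules = s.get("ip access-list extended " + acl, [])
            if not any(re.match(r"permit (ip any any|udp .*eq 1701\b)", r) for r in rules):
                found.append("inbound-acl-drops-l2tp:" + acl)  # L2TP is UDP 1701
    return found
```

Calling `audit(CONFIG)` returns the list of finding labels; the last one means L2TP packets arriving on the Internet-facing interface fall through to `deny ip any any log`.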
07-15-2002 01:49 PM
Per the datasheet on the VPN 3000, it does support the Windows 2000/XP L2TP/IPSec client, as well as Microsoft's PPTP.
http://www.cisco.com/warp/public/cc/pd/hb/vp3000/prodlit/vpn3k_ds.htm