Hi i'm new with vpn and before trying to use l2tp over ipsec, i'm trying to configre L2TP as voluntary tunnel from a router cisco to a client windows XP.

1)Is it possible to configure a l2tp with windows XP?

2)Does someone has a configuration sample to share of may can you correct my configuration.

Thanks by advance

cisco Router---------------------------Internet---------------------Windows Xp

¦

¦

¦

¦

Corporate LAN

Cisco 3640 sample configuration

version 12.2

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

service linenumber

service udp-small-servers

service tcp-small-servers

!

hostname DGE_Router

!

username XP password 0 treste

vpdn enable

!

vpdn-group 1

accept-dialin

protocol l2tp

virtual-template 1

no l2tp tunnel authentication

!!

interface Loopback0

ip address 195.65.51.81 255.255.255.240

!

interface Ethernet0/0

description LAN preparation client MBNET

ip address 172.20.172.2 255.255.0.0

ip nat inside

half-duplex

ipx encapsulation SAP

ipx network 172

no cdp enable

!

interface Serial0/0

description DGE-DVD rented line

ip address 10.200.4.1 255.255.0.0

ip pim dense-mode

ipx network 10000200

no cdp enable

!

interface Ethernet0/1

description DGE Backbone

ip address 10.10.172.1 255.255.0.0

ip accounting output-packets

ip nat inside

ip pim dense-mode

full-duplex

ipx encapsulation SAP

ipx network 17200010

!

interface Ethernet1/0

description EXPO network

ip address 10.11.172.1 255.255.0.0

ip nat inside

ip pim dense-mode

half-duplex

!

interface Serial1/0

description Permanent Internet access to Swisscom IP-PLUS

ip address 154.168.84.150 255.255.255.252

ip access-group IAIN in

ip access-group IAOUT out

ip nat outside

no cdp enable

!

interface Ethernet1/1

ip address 175.85.21.65 255.255.255.240

ip nat outside

half-duplex

!

interface BRI2/0

no ip address

shutdown

isdn switch-type basic-net3

no fair-queue

no cdp enable

!

interface BRI2/1

description access inside DSA's network from outside

ip address 172.16.172.10 255.255.255.0

ip nat inside

encapsulation ppp

no ip mroute-cache

dialer idle-timeout 180

dialer-group 5

ipx network 7

isdn switch-type basic-net3

isdn caller 0228231237

isdn caller 0232570864

isdn answer1 4531

compress mppc

no cdp enable

ppp authentication chap ms-chap pap callin

ppp ipcp dns 10.10.172.2

ppp multilink

!

interface Virtual-Template1

ip unnumbered BRI2/1

ppp authentication chap

!

ip route 0.0.0.0 0.0.0.0 Serial1/0

ip route 10.172.0.0 255.255.0.0 Serial0/0

ip route 10.182.0.0 255.255.0.0 Serial0/0

ip route 172.201.6.0 255.255.255.0 Serial0/0

!

ip access-list extended DSARAIN

permit ip any any

ip access-list extended IAIN

remark Control Access from Internet (input)

permit icmp any host 164.128.74.150

permit icmp any any echo-reply

permit icmp any any ttl-exceeded

permit icmp any any host-unreachable

permit icmp any any host-unknown

permit icmp any any time-exceeded

permit udp any any eq ntp log

permit tcp any host 195.95.41.95 eq smtp

permit tcp any host 195.95.41.95 eq pop3

permit tcp any host 195.95.41.95 eq 143

permit tcp any host 195.95.41.90 eq www

permit tcp any host 195.95.41.90 eq smtp

permit tcp any host 195.95.41.90 eq 465

permit tcp any host 195.95.41.90 eq pop3

deny ip any any log

ip access-list extended IAOUT

permit tcp any any eq 636

permit tcp any any eq ftp

permit tcp any any eq nntp

permit tcp any any eq smtp

permit tcp any any eq pop3

permit tcp any any eq 143

permit tcp any any eq ftp-data

permit tcp any any eq 8008

permit tcp any any eq 8009

permit tcp any any eq 8080

permit udp any eq ntp any log

permit udp any any eq domain log

deny ip any any log