
L2TP access problem on Cisco CISCO1941/K9

pmartinez4191
Level 1

Hi everyone,

I am having trouble setting up an L2TP access VPN on a Cisco 1900. The VPN comes up correctly and I can ping the local router interfaces, but I cannot access the LAN.

I have the same configuration working properly on an 1800 router.

 

vpdn enable
!
vpdn-group 1
 ! Default L2TP VPDN group
 accept-dialin
  protocol l2tp
  virtual-template 2
 no l2tp tunnel authentication

crypto ipsec transform-set L2TP esp-3des esp-sha-hmac
 mode transport

crypto dynamic-map L2TP-MAP 11
 set nat demux
 set transform-set L2TP

crypto map VPN-CRYPTO 11 ipsec-isakmp dynamic L2TP-MAP

interface Loopback100
 ip address 192.168.202.254 255.255.255.0

interface Virtual-Template2
 ip unnumbered Loopback100
 zone-member security inside
 peer default ip address pool L2TP-POOL
 ppp authentication ms-chap-v2
!

ip local pool L2TP-POOL 192.168.202.10 192.168.202.200

 

Then I applied the crypto map to the Dialer interface:

RO-AJ#show crypto ipsec sa peer XXX

interface: Dialer1
Crypto map tag: VPN-CRYPTO, local addr x.x.x.x

protected vrf: (none)
local ident (addr/mask/prot/port): (x.x.x.x/255.255.255.255/17/1701)
remote ident (addr/mask/prot/port): (x.x.x.x/255.255.255.255/17/4500)
current_peer x.x.x.x port 4500
PERMIT, flags={}
#pkts encaps: 657, #pkts encrypt: 657, #pkts digest: 657
#pkts decaps: 6832, #pkts decrypt: 6832, #pkts verify: 6832
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0

local crypto endpt.: x.x.x.x remote crypto endpt.: x.x.x.x
path mtu 1492, ip mtu 1492, ip mtu idb Dialer1
current outbound spi: 0x70BE3D4C(1891515724)
PFS (Y/N): N, DH group: none

inbound esp sas:
spi: 0xDF6D1B42(3748469570)
transform: esp-3des esp-sha-hmac ,
in use settings ={Transport UDP-Encaps, }
conn id: 3543, flow_id: Onboard VPN:1543, sibling_flags 80000000, crypto map: VPN-CRYPTO
sa timing: remaining key lifetime (k/sec): (227299/1433)
IV size: 8 bytes
replay detection support: Y
Status: ACTIVE(ACTIVE)

inbound ah sas:

inbound pcp sas:

outbound esp sas:
spi: 0x70BE3D4C(1891515724)
transform: esp-3des esp-sha-hmac ,
in use settings ={Transport UDP-Encaps, }
conn id: 3544, flow_id: Onboard VPN:1544, sibling_flags 80000000, crypto map: VPN-CRYPTO
sa timing: remaining key lifetime (k/sec): (227669/1433)
IV size: 8 bytes
replay detection support: Y
Status: ACTIVE(ACTIVE)

outbound ah sas:

outbound pcp sas:

 

Could someone tell me what I'm doing wrong? Thanks in advance.

 
