Hi everyone,
I am having trouble setting up an L2TP access VPN on a Cisco 1900. The VPN comes up correctly and I can ping the local router interfaces, but I cannot access the LAN.
I have the same configuration working properly on an 1800 router.
vpdn enable
!
vpdn-group 1
 ! Default L2TP VPDN group
 accept-dialin
  protocol l2tp
  virtual-template 2
 no l2tp tunnel authentication
crypto ipsec transform-set L2TP esp-3des esp-sha-hmac
 mode transport
crypto dynamic-map L2TP-MAP 11
 set nat demux
 set transform-set L2TP
crypto map VPN-CRYPTO 11 ipsec-isakmp dynamic L2TP-MAP
interface Loopback100
 ip address 192.168.202.254 255.255.255.0
!
interface Virtual-Template2
 ip unnumbered Loopback100
 zone-member security inside
 peer default ip address pool L2TP-POOL
 ppp authentication ms-chap-v2
!
ip local pool L2TP-POOL 192.168.202.10 192.168.202.200
Then I applied the crypto map to the Dialer interface.
RO-AJ#show crypto ipsec sa peer XXX
interface: Dialer1
Crypto map tag: VPN-CRYPTO, local addr x.x.x.x
protected vrf: (none)
local ident (addr/mask/prot/port): (x.x.x.x/255.255.255.255/17/1701)
remote ident (addr/mask/prot/port): (x.x.x.x/255.255.255.255/17/4500)
current_peer x.x.x.x port 4500
PERMIT, flags={}
#pkts encaps: 657, #pkts encrypt: 657, #pkts digest: 657
#pkts decaps: 6832, #pkts decrypt: 6832, #pkts verify: 6832
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0
local crypto endpt.: x.x.x.x remote crypto endpt.: x.x.x.x
path mtu 1492, ip mtu 1492, ip mtu idb Dialer1
current outbound spi: 0x70BE3D4C(1891515724)
PFS (Y/N): N, DH group: none
inbound esp sas:
spi: 0xDF6D1B42(3748469570)
transform: esp-3des esp-sha-hmac ,
in use settings ={Transport UDP-Encaps, }
conn id: 3543, flow_id: Onboard VPN:1543, sibling_flags 80000000, crypto map: VPN-CRYPTO
sa timing: remaining key lifetime (k/sec): (227299/1433)
IV size: 8 bytes
replay detection support: Y
Status: ACTIVE(ACTIVE)
inbound ah sas:
inbound pcp sas:
outbound esp sas:
spi: 0x70BE3D4C(1891515724)
transform: esp-3des esp-sha-hmac ,
in use settings ={Transport UDP-Encaps, }
conn id: 3544, flow_id: Onboard VPN:1544, sibling_flags 80000000, crypto map: VPN-CRYPTO
sa timing: remaining key lifetime (k/sec): (227669/1433)
IV size: 8 bytes
replay detection support: Y
Status: ACTIVE(ACTIVE)
outbound ah sas:
outbound pcp sas:
Could someone tell me what I'm doing wrong? Thanks in advance.