I have a requirement to build a VPN tunnel to a network on a Windows XP box. There is no option to use a newer Windows because the app only works on the Windows PC. I can't find any VPN client that would still support the XP so I researched and tried this L2TP IPSec thing. First of all, it works fine on my Windows 10 box. Here is my config
aaa authentication ppp VPDN_AUTH local
! Default L2TP VPDN group
no l2tp tunnel authentication
username test password 0 test
crypto isakmp policy 1
crypto isakmp key cisco123 address 0.0.0.0 no-xauth
crypto ipsec transform-set L2TP-transform-XP esp-3des esp-md5-hmac
crypto dynamic-map L2TP-map 10
set nat demux
set transform-set L2TP-transform-XP
set pfs group14
crypto map L2TP 10 ipsec-isakmp dynamic L2TP-map
ip address <public Internet IP>
crypto map L2TP
ip route 0.0.0.0 0.0.0.0 <gw>
On the Windows XP, it just says no response. On the IOS router (2921), when I compare the debug between a working Win10 with it, the difference is that right after the ISAKMP/IPSec stuff, there are L2TP activity (with the debug l2tp all) for the Win10, but nothing for the WinXP. Here is the last few lines of the debug isakmp and IPsec. I also verified that there is isakmp and ipsec SA both established.
*Jan 6 23:10:52.894: ISAKMP-ERROR: (0):Failed to find peer index node to update peer_info_list
*Jan 6 23:10:52.894: ISAKMP: (1034):Received IPSec Install callback... proceeding with the negotiation
*Jan 6 23:10:52.894: ISAKMP: (1034):Successfully installed IPSEC SA (SPI:0x9BD9B713) on GigabitEthernet0/0/0
*Jan 6 23:10:52.895: %CRYPTO-5-SESSION_STATUS: Crypto tunnel is UP . Peer 126.96.36.199:64916 f_vrf: Internet Id: 192.168.237.188
*Jan 6 23:10:52.895: ISAKMP-PAK: (1034):sending packet to 188.8.131.52 my_port 4500 peer_port 64916 (R) QM_IDLE
*Jan 6 23:10:52.895: ISAKMP: (1034):Sending an IKE IPv4 Packet.
*Jan 6 23:10:52.895: ISAKMP: (1034):Node 1, Input = IKE_MESG_FROM_IPSEC, IPSEC_INSTALL_DONE
*Jan 6 23:10:52.896: ISAKMP: (1034):Old State = IKE_QM_IPSEC_INSTALL_AWAIT New State = IKE_QM_R_QM2
*Jan 6 23:10:52.901: ISAKMP-PAK: (1034):received packet from 184.108.40.206 dport 4500 sport 64916 Internet (R) QM_IDLE
*Jan 6 23:10:52.901: ISAKMP: (1034):deleting node 1 error FALSE reason "QM done (await)"
*Jan 6 23:10:52.901: ISAKMP: (1034):Node 1, Input = IKE_MESG_FROM_PEER, IKE_QM_EXCH
*Jan 6 23:10:52.901: ISAKMP: (1034):Old State = IKE_QM_R_QM2 New State = IKE_QM_PHASE2_COMPLETE
*Jan 6 23:10:52.901: IPSEC(key_engine): got a queue event with 1 KMI message(s)
*Jan 6 23:10:52.901: IPSEC(key_engine_enable_outbound): rec'd enable notify from ISAKMP
<<< For the Win10, the L2TP messages would start >>>
IntroductionComponentsIBM MaaS360 ConfigurationISE ConfigurationOnboard and validating access from Windows ClientEnrolling Windows 10 against IBM MaaS 360
Cisco Identity Services Engine (ISE) gives you intelligent Integrated protectio...
This video provides the steps to configure the Cisco Threat Response (CTR) and ESA Integration.
This is live on the portal:https://video.cisco.com/video/6159336218001
And on YouTube:https://www.youtube.com/watch?v=UCKIdx5rdFg
I need to migrate from C170 to C190 and have already match to the same Firmware Version. I have a question. Is there any method that can export and import the configuration file instead of form cluster ?
This AMA will serve as the Q&A for the Cisco Live Digital breakout DGTL-BRKSEC-1011 - "A Challenger Appears: Defending Mailboxes in the Cloud" which covers a brand new product which will be announced during the event: Cloud Mailbox Defense.
I've fixed this before but now I'm running into a different type of an issue. My firewall isn't booting to the image so I have to keep reloading the image onto the ASA. Any help would be appreciated. Also my Config-Register is set to 0x1. As of right now,...