07-09-2013 08:32 PM - edited 02-21-2020 07:00 PM
My datacenter is using a Sonicwall 2400 and my remote branch office is using a Cisco 1841.
I am trying to get the Cisco 1841 to connect to my Sonicwall 2400 using L2TP/IPSEC with PSK VPN.
Below is my router config, but I still can't get it to work. Can some Cisco VPN expert please help me vet my config and see whether I have configured my 1841 router correctly?
My preshared key is secretkey and the authentication username and password are admin/admin; my Sonicwall 2400 is at 42.x.x.x and the Cisco 1841 is at 27.xx.xx.xx.
I have tested the Sonicwall L2TP/IPSEC VPN using my laptop Sonicwall VPN client and Android phone and both are working properly.
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service internal
!
hostname Router
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$iC.V$wihwNREo0D0aXTu7pkmbK/
!
no aaa new-model
no ip source-route
no ip gratuitous-arps
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 10.10.10.1
ip dhcp excluded-address 10.10.10.127 10.10.10.254
!
ip dhcp pool LAN
 network 10.10.10.0 255.255.255.0
 domain-name local
 dns-server 10.10.10.1
 default-router 10.10.10.1
!
!
ip domain name local
ip name-server 165.x.x.x
ip multicast-routing
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
vpdn enable
!
vpdn-group L2TP-VPN
 request-dialin
  protocol l2tp
  pool-member 2
 initiate-to ip 42.x.x.x
 no l2tp tunnel authentication
!
!
!
!
username admin password 0 admin
!
!
!
!
crypto isakmp policy 1
 encr aes
 authentication pre-share
 group 2
 lifetime 28800
crypto isakmp key secretkey address 42.x.x.x
!
!
crypto ipsec transform-set ESP-AES128-SHA1 esp-aes esp-sha-hmac
 mode transport
!
crypto map L2TP-VPN 10 ipsec-isakmp
 set peer 42.x.x.x
 set transform-set ESP-AES128-SHA1
 match address L2TP-SA-DIALER1
!
!
!
interface FastEthernet0/0
 ip address 27.xx.xx.xx
 duplex auto
 speed auto
 crypto map L2TP-VPN
!
interface FastEthernet0/1
 ip address 10.10.10.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 no ip route-cache cef
 no ip route-cache
 shutdown
 duplex auto
 speed auto
!
interface Dialer1
 description L2TP-VPN
 ip address negotiated
 ip mtu 1400
 ip flow ingress
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 ip tcp adjust-mss 1360
 dialer pool 2
 dialer idle-timeout 0
 dialer vpdn
 dialer-group 2
 no cdp enable
 ppp chap hostname admin
 ppp chap password 0 admin
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0
!
!
ip http server
no ip http secure-server
!
ip access-list extended L2TP-SA-DIALER1
 permit ip any any
!
!
!
!
control-plane
!
!
!
line con 0
line aux 0
line vty 0 4
 login
!
scheduler allocate 20000 1000
end
07-09-2013 08:36 PM
On my Sonicwall 2400, I am seeing the messages below in my logs.
28 | 07/10/2013 11:07:47.208 | Warning | VPN IKE | Received packet retransmission. Drop duplicate packet | 27.xx.xx.xxx, 29200 (admin) | 42.xx.xx.xxx, 4500 | VPN Policy: WAN GroupVPN | ||
30 | 07/10/2013 11:07:37.224 | Info | VPN IKE | IKE Responder: Main Mode complete (Phase 1) | 27.xx.xx.xxx, 29200 (admin) | 42.xx.xx.xxx, 4500 | VPN Policy: WAN GroupVPN;AES-128; SHA1; DH Group 2; lifetime=28800 secs | ||
31 | 07/10/2013 11:07:37.144 | Info | VPN IKE | NAT Discovery : Peer IPSec Security Gateway behind a NAT/NAPT Device | |||||
32 | 07/10/2013 11:07:37.080 | Info | VPN IKE | IKE Responder: Received Main Mode request (Phase 1) | 27.xx.xx.xxx, 12783 (admin) | 42.xx.xx.xxx, 500 |
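
An added example, not part of the original post: a short Python triage of the SonicWall log rows above, sorted into chronological order to show the last IKE stage reached, the UDP 500 to 4500 float after NAT discovery, and what followed. The sample rows are copied from the post and lightly cleaned; the function names, the dictionary keys and the "Phase 2" match string are assumptions.

```python
from datetime import datetime

# Rows copied from the post above (newest first), trailing empty cells trimmed.
SAMPLE = """\
28 | 07/10/2013 11:07:47.208 | Warning | VPN IKE | Received packet retransmission. Drop duplicate packet | 27.xx.xx.xxx, 29200 (admin) | 42.xx.xx.xxx, 4500 | VPN Policy: WAN GroupVPN
30 | 07/10/2013 11:07:37.224 | Info | VPN IKE | IKE Responder: Main Mode complete (Phase 1) | 27.xx.xx.xxx, 29200 (admin) | 42.xx.xx.xxx, 4500 | VPN Policy: WAN GroupVPN;AES-128; SHA1; DH Group 2; lifetime=28800 secs
31 | 07/10/2013 11:07:37.144 | Info | VPN IKE | NAT Discovery : Peer IPSec Security Gateway behind a NAT/NAPT Device
32 | 07/10/2013 11:07:37.080 | Info | VPN IKE | IKE Responder: Received Main Mode request (Phase 1) | 27.xx.xx.xxx, 12783 (admin) | 42.xx.xx.xxx, 500
"""

def parse(text):
    """Split pipe-delimited rows into events, returned oldest first."""
    events = []
    for line in text.splitlines():
        cells = [c.strip() for c in line.split("|")]
        if len(cells) < 5 or not cells[0].isdigit():
            continue
        ev = {"time": datetime.strptime(cells[1], "%m/%d/%Y %H:%M:%S.%f"),
              "msg": cells[4], "src_port": None, "dst_port": None}
        if len(cells) >= 7 and "," in cells[5] and "," in cells[6]:
            # Address cells look like "ip, port (user)"; keep the port only.
            ev["src_port"] = int(cells[5].split(",")[1].split()[0])
            ev["dst_port"] = int(cells[6].split(",")[1].split()[0])
        events.append(ev)
    return sorted(events, key=lambda e: e["time"])

def triage(events):
    """Summarise how far the IKE exchange got and what followed."""
    done = [e for e in events if "Main Mode complete" in e["msg"]]
    dst = [e["dst_port"] for e in events if e["dst_port"]]
    retx = [e for e in events if "retransmission" in e["msg"]
            and done and e["time"] > done[0]["time"]]
    gap = (retx[0]["time"] - done[0]["time"]).total_seconds() if retx else None
    return {
        "phase1_complete": bool(done),
        "peer_behind_nat": any("behind a NAT" in e["msg"] for e in events),
        "floated_500_to_4500": dst[:1] == [500] and 4500 in dst[1:],
        # Assumption: SonicWall phase-2 log messages contain "Phase 2".
        "phase2_seen": any("Phase 2" in e["msg"] for e in events),
        "retransmit_gap_s": gap,
    }

if __name__ == "__main__":
    for key, value in triage(parse(SAMPLE)).items():
        print(f"{key}: {value}")
```

On these four rows the summary shows Phase 1 completing on UDP 4500 after NAT discovery, no Phase 2 entry, and a retransmission about ten seconds later.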