L2TP server for Windows

ttecs
Level 1

I have spent days trying to get a simple L2TP server under IOS 15. I have over 50 sites with various routers and am trying to standardise them all to allow remote access from basically anything.

I just cannot get a Windows 10 PC to connect.

I have looked at a bazillion different examples, many of which seem to contradict each other.

The test router is a 1801 running IOS 15 with Fe0 as the public port and all other ports in Vlan1.

Config is:

hostname vpntest
logging message-counter syslog
enable secret secret-squirrel
aaa new-model
aaa authentication ppp VPDN_AUTH local
aaa authorization network VPDN_AUTH local if-authenticated
no ip source-route
ip cef
ip name-server 8.8.8.8
vpdn enable
!
vpdn-group L2TP
 accept-dialin
  protocol l2tp
  virtual-template 1
 no l2tp tunnel authentication
 lcp renegotiation always
!
crypto isakmp policy 10
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key cisco123 address 0.0.0.0 0.0.0.0 no-xauth
!
crypto ipsec transform-set MS_IPSEC esp-3des esp-sha-hmac
 mode transport
!
crypto dynamic-map MS_MAP 1
 set nat demux
 set transform-set MS_IPSEC
!
crypto map L2TP_MAP 6000 ipsec-isakmp dynamic MS_MAP
!
interface Virtual-Template1
 ip unnumbered Loopback2
 peer default ip address pool L2TP_POOL
 ppp authentication pap chap ms-chap ms-chap-v2 VPDN_AUTH
 ppp mtu adaptive
 ppp encrypt mppe 128 required
!
interface Loopback2
 ip address 192.168.220.254 255.255.255.255
!
ip local pool L2TP_POOL 192.168.220.21 192.168.220.30
!
username vpnuser password 0 vpnpassword
!
interface FastEthernet0
 ip address 203.55.66.77 255.255.255.248
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
 crypto map L2TP_MAP
!
interface Vlan1
 ip address 192.168.221.254 255.255.255.0
 ip nat inside
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 203.55.66.88
!
no ip http server
!
ip nat inside source list 1 interface FastEthernet0 overload
!
dialer-list 1 protocol ip permit
!
control-plane
!
line con 0
line aux 0
line vty 0 4
 exec-timeout 15 0
 transport input all

Ok so where have I screwed up :)

N.B. I have butchered this to remove any actual addresses etc. 

1 Reply

ttecs
Level 1

Doesn't matter, I have worked it out.

Needed hash sha in the crypto isakmp policy.
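The fix in the reply (an explicit hash line in the ISAKMP policy) is the kind of omission a pre-deployment config check can catch before a template is pushed to 50 sites. The following is an added example, not code from the post or from Cisco: a small Python linter run over a constructed excerpt modelled on the posted config, which flags policy attributes left to the IOS default, the weak algorithms in the posted policy (3DES, DH group 2), the wildcard pre-shared key and the cleartext `password 0` user; the rule thresholds are this example's own assumptions.

```python
import re

# Constructed excerpt modelled on the config in the post: the posted policy
# has no 'hash' line; FIXED adds the 'hash sha' the reply says was missing.
POSTED = """\
crypto isakmp policy 10
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key cisco123 address 0.0.0.0 0.0.0.0 no-xauth
username vpnuser password 0 vpnpassword
"""
FIXED = POSTED.replace(" group 2\n", " hash sha\n group 2\n")

# Lint rules are this example's own assumptions, not Cisco's or Microsoft's.
REQUIRED = ("encr", "hash", "authentication", "group")
WEAK = {"encr": {"des", "3des"}, "hash": {"md5"}, "group": {"1", "2", "5"}}


def parse_policies(config):
    """Return {policy_number: {keyword: value}} for each isakmp policy block."""
    policies, current = {}, None
    for line in config.splitlines():
        m = re.match(r"crypto isakmp policy (\d+)", line)
        if m:
            current = policies.setdefault(int(m.group(1)), {})
        elif line.startswith(" ") and current is not None:
            key, _, value = line.strip().partition(" ")
            current[key] = value
        else:
            current = None  # any top-level line leaves the policy sub-mode
    return policies


def lint(config):
    """Return sorted findings: unset policy attributes, weak algorithms, weak credentials."""
    findings = []
    for num, attrs in parse_policies(config).items():
        for key in REQUIRED:
            if key not in attrs:
                findings.append(f"policy {num}: '{key}' not set; relies on the IOS default")
        for key, bad in WEAK.items():
            if attrs.get(key) in bad:
                findings.append(f"policy {num}: weak {key} {attrs[key]}")
    if re.search(r"^crypto isakmp key \S+ address 0\.0\.0\.0 0\.0\.0\.0", config, re.M):
        findings.append("wildcard pre-shared key: one PSK accepted from any peer address")
    if re.search(r"^username \S+ password 0 ", config, re.M):
        findings.append("cleartext 'password 0' user credential; use 'secret' instead")
    return sorted(findings)
```

Running `lint(POSTED)` reports the missing hash attribute alongside the weak-algorithm and credential findings; `lint(FIXED)` drops only the hash finding, which is the reply's fix and nothing more.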