I actually read that before creating my config. I didn't really get the loopback part though (also suggested by the other responder), so I went with what I thought was a little simpler just slapping the virt-temp onto the vlan (which I goofed, but corrected with no difference).

Yea, looks like I goofed the virtual-template... I corrected it to Vlan1 and attached the log (for real this time). Looks like pretty much the same thing happening though.

Does it get connected? What is the IP of int vlan? edited.

interface Vlan1
 ip address 192.168.0.1 255.255.255.0
 ip nat inside
 ip nat enable
 ip virtual-reassembly in

It's doing something, but not connecting when I try...

edited

Are you trying to connect by computer with ip of 192.168.0.26 ?

Are you trying to connect from inside the network?

If yes. You need to do some changes.

int dialer 0

no  crypto map L2TP-MAP

int vlan 1

  crypto map L2TP-MAP

ip local pool L2TP-VPN-POOL 192.168.10.101 192.168.10.110

int loopback 10

ip address 192.168.10.1 255.255.255.0

interface Virtual-Template10

 ip unnumbered loopback 10

ip nat inside

Add 192.168.10.X to your nat list

I was trying to connect from 192.168.0.26, and I am inside the network trying to connect to the internet facing dialer IP for testing... althought the purpose is to be able to connect via the internet from an outside network.

Is the loopback neccessary to acheive what I'm trying? I can see why it might be preferred in some situations, but I'd rather just dump the vpn user directly onto my subnet.

Is "ip nat inside" supposed to go in the vitual-template?

Hello, Actually loopback is not necessary, but you can seperate VPN user from internel user.

If you are connecting from inside, crypto map L2TP-MAP must be set on int vlan 1.

If you are connecting from outside, crypto map L2TP-MAP must be set on int Dialer.

"ip nat inside" must be set on int vitual-template if users are going to access the internet Because VPN users are coming from this interface.

If you do not want to use loopback and try connecting from inside use this.

int dialer 0

no  crypto map L2TP-MAP

int vlan 1

  crypto map L2TP-MAP

ip local pool L2TP-VPN-POOL 192.168.0.101 192.168.0.110

interface Virtual-Template10

 ip unnumbered Vlan1

ip nat inside

Masoud

Still not working, no connection established.

The windows client is returning 809, server not responding. Wireshark shows that I'm getting StopCCN traffic back, so obviously the router is responding.

Here's a new debug log, it looks a little different, still can't tell what's going on though.

Regarding the line

crypto isakmp key cisco123 address 0.0.0.0 0.0.0.0 no-xauth

That is how I entered it, the subnet 0.0.0.0 does not show up though, it just shows a big blank gap between the ip 0.0.0.0 and no-xauth. I re-did it anyway, same thing, not sure if its a problem or not.

I added the no l2tp tunnel authentication but still not getting a connection.

Getting a slightly different debug, attached.

When I applied the crypto map to the dialer, this config works over the internet, since that was it's intended purpose I don't care that it's not working internally for my test.

Cheers.