10-16-2009 11:33 AM
I want to establish a VPN from Windows 7 without any other client to a Cisco 1801.
Is L2TP the best way?
Where can I find some information for configuring it?
10-17-2009 12:18 AM
10-20-2009 03:07 PM
I'm trying the exact same thing - Windows 7, L2TP/IPSec, to a Cisco 1801 with IOS 12.4
I couldn't yet manage to configure it. The Windows 7/XP clients always hang in "Connecting to.."
My best guess for the config file up to now is below. Can someone point out a bug? :(
Regards
hostname nignet_router
!
banner exec #
---------------------
-EXEC mode - welcome-
---------------------
#
!
banner login #
-------------------------------------------------------
-LOGIN - Remember! We'll catch you. Anywhere. Anytime.-
-------------------------------------------------------
#
!
boot-start-marker
boot system flash c180x-advipservicesk9-mz.124-15.T8.bin
boot-end-marker
!
ip dhcp excluded-address 10.10.10.1 10.10.10.4
!
ip dhcp pool dhcp_pool_1
 import all
 network 10.10.10.0 255.255.255.0
 default-router 10.10.10.1
!
ip domain name nignet.dynalias.net
!
username admin privilege 15 secret 5 $1$rvh2$qTdtZ4umU0FDyKdU7lV7k1
!
aaa new-model
!
interface FastEthernet0
 description $ES_WAN$$FW_OUTSIDE$
 ip address dhcp client-id FastEthernet0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip virtual-reassembly
 ip route-cache flow
 duplex auto
 speed auto
 crypto map L2TP-IPSEC-MAP
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
!
interface FastEthernet5
!
interface FastEthernet6
!
interface FastEthernet7
!
interface FastEthernet8
!
interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-FE 1$$ES_LAN$$FW_INSIDE$
 ip address 10.10.10.1 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly
 ip route-cache flow
 ip tcp adjust-mss 1452
!
ip forward-protocol nd
!
ip nat inside source list 1 interface FastEthernet0 overload
!
logging trap debugging
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 10.10.10.0 0.0.0.255
no cdp run
!
line con 0
 transport output telnet
line aux 0
 transport output telnet
line vty 0 4
 privilege level 15
 transport input telnet
line vty 5 15
 privilege level 15
 transport input telnet
!
scheduler allocate 4000 1000
scheduler interval 500
!
crypto keyring myKeys
 pre-shared-key address 0.0.0.0 0.0.0.0 key ipsec
!
crypto isakmp policy 1
 encr 3des
 hash sha
 authentication pre-share
 group 2
!
crypto ipsec transform-set L2TP-SET ah-sha-hmac esp-3des
 mode transport
!
ip access-list extended L2TP-PACKET
 permit udp any eq 1701 any eq 1701
!
crypto dynamic-map IPSEC-DYN-MAP 1
 set transform-set L2TP-SET
 match address L2TP-PACKET
!
crypto map L2TP-IPSEC-MAP 1 ipsec-isakmp profile L2TP-PROFILE
 set transform-set L2TP-SET
crypto map L2TP-IPSEC-MAP 2 ipsec-isakmp dynamic IPSEC-DYN-MAP
!
vpdn enable
vpdn-group L2TP-VPDN
 accept-dialin
  protocol l2tp
  virtual-template 1
 l2tp security crypto-profile L2TP-PROFILE
 no l2tp tunnel authentication
!
aaa authentication login local_list local
aaa authentication ppp local_list local
aaa authorization network local_list local
!
username ipsecuser password 0 ipsecpass
!
interface Virtual-Template 1
 ip unnumbered FastEthernet1
 peer default ip address dhcp
 ppp authentication ms-chap-v2 local_list
!
end
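An added example, not part of the original post and not Cisco tooling: a small Python check that flags settings in a configuration like the one posted above that weaken the router whether or not the tunnel comes up (cleartext password, wildcard pre-shared key, 3DES, DH group 2, telnet on the vty lines). The rule list and the sample excerpt are constructed for illustration, and the parser assumes sub-commands are indented as IOS prints them.

```python
import re

# Constructed sample: lines from the configuration posted above, with
# sub-commands indented the way IOS prints them.
SAMPLE = """\
username ipsecuser password 0 ipsecpass
crypto keyring myKeys
 pre-shared-key address 0.0.0.0 0.0.0.0 key ipsec
crypto isakmp policy 1
 encr 3des
 group 2
crypto ipsec transform-set L2TP-SET ah-sha-hmac esp-3des
line vty 0 4
 privilege level 15
 transport input telnet
"""

# Illustrative rules: (parent stanza regex, command regex, finding).
# An empty parent regex means the command is a top-level line.
RULES = [
    (r"", r"^username \S+ password 0 ", "password stored in cleartext (type 0)"),
    (r"^crypto keyring ", r"^pre-shared-key address 0\.0\.0\.0 0\.0\.0\.0 ",
     "wildcard pre-shared key: any peer address may use it"),
    (r"^crypto isakmp policy ", r"^encr(yption)? (des|3des)$", "legacy IKE cipher"),
    (r"^crypto isakmp policy ", r"^group [125]$", "weak Diffie-Hellman group"),
    (r"", r"^crypto ipsec transform-set .*\besp-(des|3des)\b", "legacy ESP cipher"),
    (r"^line vty ", r"^transport input .*\btelnet\b", "cleartext management (telnet)"),
]

def audit(config):
    """Return [(line_no, stanza, finding)] for an IOS-style config text."""
    findings, parent = [], ""
    for no, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        top = not raw[0].isspace()    # an unindented line opens a new stanza
        if top:
            parent = line
        for parent_re, line_re, msg in RULES:
            in_scope = top if parent_re == "" else (not top and re.search(parent_re, parent))
            if in_scope and re.search(line_re, line):
                findings.append((no, parent, msg))
    return findings

if __name__ == "__main__":
    for no, stanza, msg in audit(SAMPLE):
        shown = " ".join(stanza.split()[:3])   # keep secrets out of the report
        print(f"line {no:>2} [{shown}]: {msg}")
```

Because each rule is scoped to its parent stanza, a `group 2` line under an interface or any other unrelated stanza is not reported.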