07-01-2021 01:17 AM
Hello everyone!
I have the following L2TP/IPsec config:
aaa new-model
aaa authentication ppp L2TP local
aaa authorization network L2TP local
ip dhcp excluded-address 10.1.1.1
!
ip dhcp pool L2TP_CLIENT_POOL
network 10.1.1.0 255.255.255.0
default-router 10.1.1.1
option 249 hex 2017.3d23.120a.2665.01
dns-server 8.8.8.8
vpdn enable
!
vpdn-group l2tp_group
! Default L2TP VPDN group
accept-dialin
protocol l2tp
virtual-template 2
no l2tp tunnel authentication
username user password user11
crypto isakmp policy 5
encr aes 256
authentication pre-share
group 20
lifetime 28800
crypto isakmp key PASS address 0.0.0.0 no-xauth
crypto ipsec transform-set L2TP_AES128_SHA esp-aes esp-sha-hmac
mode transport
crypto dynamic-map L2TP_DYNAMIC_MAP 10
set nat demux
set transform-set L2TP_AES128_SHA
match address L2TP_ENCRYPT
crypto map L2TP_MAP local-address Loopback91
crypto map L2TP_MAP 10 ipsec-isakmp dynamic L2TP_DYNAMIC_MAP
interface Loopback91
ip address 15.15.15.15 255.255.255.255
interface Loopback101
ip address 10.1.1.1 255.255.255.255
interface GigabitEthernet0/1
description ***************Internet*interface**********
ip address 14.14.14.14 255.255.255.128
no ip redirects
no ip unreachables
no ip proxy-arp
ip virtual-reassembly in
duplex auto
speed auto
no mop enabled
crypto map L2TP_MAP
interface Virtual-Template2
ip unnumbered Loopback101
no ip redirects
no ip unreachables
peer default ip address dhcp-pool L2TP_CLIENT_POOL
ppp authentication chap ms-chap-v2 L2TP
ppp authorization L2TP
ip virtual-reassembly
end
ip access-list extended L2TP_ENCRYPT
permit udp host 15.15.15.15 eq 1701 any
This config works correctly on a Cisco 3925.
On the ISR4431 the VPN connection is established and the default route is available, but the route is not registered on the remote client via DHCP option 249.
I also tried option 121 and got the same result.
Maybe there is another way to register a route on the remote client?
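Added example (not part of the original post): DHCP options 121 and 249 both carry routes in the RFC 3442 classless static route layout, so the hex string in the pool can be decoded to see exactly which route the router offers. The function names are illustrative, and the dotted grouping simply mirrors the `option 249 hex` line in the config above.

```python
import ipaddress

def parse_cisco_hex(text):
    """Turn IOS dotted hex (e.g. '2017.3d23.120a.2665.01') into raw bytes."""
    return bytes.fromhex(text.replace(".", ""))

def to_cisco_hex(data):
    """Format raw bytes as dotted hex in groups of four digits."""
    h = data.hex()
    return ".".join(h[i:i + 4] for i in range(0, len(h), 4))

def decode_routes(data):
    """Decode RFC 3442 routes: [prefix length][significant octets][router]."""
    routes, i = [], 0
    while i < len(data):
        width = data[i]
        if width > 32:
            raise ValueError(f"invalid prefix length {width} at offset {i}")
        n = (width + 7) // 8            # only the significant octets are sent
        if i + 1 + n + 4 > len(data):
            raise ValueError(f"truncated route at offset {i}")
        dest = data[i + 1:i + 1 + n] + bytes(4 - n)   # pad back to 4 octets
        router = data[i + 1 + n:i + 5 + n]
        net = ipaddress.IPv4Network((dest, width), strict=False)
        routes.append((str(net), str(ipaddress.IPv4Address(router))))
        i += 5 + n
    return routes

def encode_routes(routes):
    """Encode (cidr, router) pairs into the option payload."""
    out = bytearray()
    for cidr, router in routes:
        net = ipaddress.IPv4Network(cidr)
        n = (net.prefixlen + 7) // 8
        out.append(net.prefixlen)
        out += net.network_address.packed[:n]
        out += ipaddress.IPv4Address(router).packed
    return bytes(out)

if __name__ == "__main__":
    # Value taken from the DHCP pool in the post
    print(decode_routes(parse_cisco_hex("2017.3d23.120a.2665.01")))
    # Constructed sample: the 10.0.0.0/8 route seen in the client's route table
    print(to_cisco_hex(encode_routes([("10.0.0.0/8", "10.1.1.1")])))
```

The value as posted decodes to a single host route, 23.61.35.18/32 via 10.38.101.1; encoding 10.0.0.0/8 via 10.1.1.1 gives 080a.0a01.0101.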
07-01-2021 03:36 AM
The user is able to authenticate, but is not getting the default on the Windows client.
Once you are connected from the Windows device, can you post ipconfig /all and route print?
07-01-2021 05:40 AM
Sorry, I have a non-English Windows. I used a translator for the output.
C:\Users\User> ipconfig /all
Configuring IP for Windows
Computer name. ... ... ... ... ... ... ... ... : DESKTOP-FMIS0NV
Primary DNS suffix. ... ... ... ... ... :
Node type. ... ... ... ... ... ... ... ... ... ... ... ... : Hybrid
IP routing is enabled. ... ... ... : Not
WINS proxy is enabled. ... ... ... ... ... ... : Not
Unknown VPN adapter - VPN Client:
State of the environment. ... ... ... ... ... ... ... : The transmission medium is not available.
DNS-suffix of the connection. ... ... ... ... :
Description. ... ... ... ... ... ... ... ... ... ... ... ... : VPN Client Adapter - VPN
Physical adress. ... ... ... ... ... ... ... ... : 5E-CB-7F-04-21-F2
DHCP is enabled. ... ... ... ... ... ... ... ... ... ... : Yes
Auto tuning is enabled. ... ... ... ... ... : Yes
Ethernet adapter Ethernet:
State of the environment. ... ... ... ... ... ... ... : The transmission medium is not available.
DNS-suffix of the connection. ... ... ... ... :
Description. ... ... ... ... ... ... ... ... ... ... ... ... : Realtek PCIe GbE Family Controller
Physical adress. ... ... ... ... ... ... ... ... : F4-30-B9-8B-3C-23
DHCP is enabled. ... ... ... ... ... ... ... ... ... ... : Not
Auto tuning is enabled. ... ... ... ... ... : Yes
Wireless LAN adapter LAN connection * 1:
State of the environment. ... ... ... ... ... ... ... : The transmission medium is not available.
DNS-suffix of the connection. ... ... ... ... :
Description. ... ... ... ... ... ... ... ... ... ... ... ... : Microsoft Wi-Fi Direct Virtual Adapter
Physical adress. ... ... ... ... ... ... ... ... : 88-78-73-8A-FD-69
DHCP is enabled. ... ... ... ... ... ... ... ... ... ... : Yes
Auto tuning is enabled. ... ... ... ... ... : Yes
Wireless LAN adapter LAN connection * 2:
State of the environment. ... ... ... ... ... ... ... : The transmission medium is not available.
DNS-suffix of the connection. ... ... ... ... :
Description. ... ... ... ... ... ... ... ... ... ... ... ... : Microsoft Wi-Fi Direct Virtual Adapter # 2
Physical adress. ... ... ... ... ... ... ... ... : 8A-78-73-8A-FD-68
DHCP is enabled. ... ... ... ... ... ... ... ... ... ... : Yes
Auto tuning is enabled. ... ... ... ... ... : Yes
PPP l2tp adapter:
DNS-suffix of the connection. ... ... ... ... :
Description. ... ... ... ... ... ... ... ... ... ... ... ... : l2tp
Physical adress. ... ... ... ... ... ... ... ... :
DHCP is enabled. ... ... ... ... ... ... ... ... ... ... : Not
Auto tuning is enabled. ... ... ... ... ... : Yes
IPv4 address. ... ... ... ... ... ... ... ... ... ... ... : 10.1.1.24 (Main)
Subnet mask . ... ... ... ... ... ... ... ... ... : 255.255.255.255
Main gate. ... ... ... ... ... ... ... ... :
DNS servers. ... ... ... ... ... ... ... ... ... ... : 8.8.8.8
NetBios over TCP / IP. ... ... ... ... ... ... ... : Switched on
Wireless LAN adapter Wireless network:
DNS-suffix of the connection. ... ... ... ... :
Description. ... ... ... ... ... ... ... ... ... ... ... ... : Intel (R) Dual Band Wireless-AC 7265
Physical adress. ... ... ... ... ... ... ... ... : 88-78-73-8A-FD-68
DHCP is enabled. ... ... ... ... ... ... ... ... ... ... : Yes
Auto tuning is enabled. ... ... ... ... ... : Yes
Link-local IPv6 address. ... ... : fe80 :: 85be: 6a52: 93ef: f46b% 12 (main)
IPv4 address. ... ... ... ... ... ... ... ... ... ... ... : 192.168.53.98 (Main)
Subnet mask . ... ... ... ... ... ... ... ... ... : 255.255.255.0
The lease has been received. ... ... ... ... ... ... ... ... ... : July 1, 2021 14:59:39
The lease is about to expire. ... ... ... ... ... ... ... ... ... : July 1, 2021 15:59:38 PM
Main gate. ... ... ... ... ... ... ... ... : 192.168.53.58
DHCP server. ... ... ... ... ... ... ... ... ... ... : 192.168.53.58
IAID DHCPv6. ... ... ... ... ... ... ... ... ... ... : 92829811
DUID of DHCPv6 client. ... ... ... ... ... ... : 00-01-00-01-25-69-5D-48-F4-30-B9-8B-3C-23
DNS servers. ... ... ... ... ... ... ... ... ... ... : 8.8.8.8
NetBios over TCP / IP. ... ... ... ... ... ... ... : Switched on
C:\Users\User> route print
================================================== =========================
List of interfaces
11 ... 5e cb 7f 04 21 f2 ...... VPN Client Adapter - VPN
3 ... f4 30 b9 8b 3c 23 ...... Realtek PCIe GbE Family Controller
18 ... 88 78 73 8a fd 69 ...... Microsoft Wi-Fi Direct Virtual Adapter
9 ... 8a 78 73 8a fd 68 ...... Microsoft Wi-Fi Direct Virtual Adapter # 2
51 ........................... l2tp
12 ... 88 78 73 8a fd 68 ...... Intel (R) Dual Band Wireless-AC 7265
1 ........................... Software Loopback Interface 1
================================================== =========================
IPv4 route table
================================================== =========================
Active routes:
Network address Network mask Gateway address Interface Metric
0.0.0.0 0.0.0.0 192.168.53.58 192.168.53.98 55
10.0.0.0 255.0.0.0 10.1.1.1 10.1.1.24 46
10.1.1.24 255.255.255.255 On-link 10.1.1.24 301
15.15.15.15 255.255.255.255 192.168.53.58 192.168.53.98 56
127.0.0.0 255.0.0.0 On-link 127.0.0.1 331
127.0.0.1 255.255.255.255 On-link 127.0.0.1 331
127.255.255.255 255.255.255.255 On-link 127.0.0.1 331
192.168.53.0 255.255.255.0 On-link 192.168.53.98 311
192.168.53.98 255.255.255.255 On-link 192.168.53.98 311
192.168.53.255 255.255.255.255 On-link 192.168.53.98 311
224.0.0.0 240.0.0.0 On-link 127.0.0.1 331
224.0.0.0 240.0.0.0 On-link 192.168.53.98 311
224.0.0.0 240.0.0.0 On-link 10.1.1.24 301
255.255.255.255 255.255.255.255 On-link 127.0.0.1 331
255.255.255.255 255.255.255.255 On-link 192.168.53.98 311
255.255.255.255 255.255.255.255 On-link 10.1.1.24 301
================================================== =========================
Permanent routes:
Network address Mask Gateway address Metric
0.0.0.0 0.0.0.0 10.1.1.1 Default
================================================== =========================
IPv6 route table
=========================