
VPN without cisco client?

nunojpg00
Level 1

I have an 1801 router with IOS Enterprise.

I'm planning to use 8 Linksys routers with OpenWrt to establish VPN connections to this main router, and also possibly 1 PC.

I would prefer to use some standard approach that both Windows 7 and MacOS 10.6 could use by default to connect without VPN client software.

Is that possible?

Regards

6 Replies

pompeychimes
Level 4

If you build L2L tunnels between the Cisco and each of the Linksys routers, you won't need VPN client software.

The Linksys routers are not the problem...

The computers are not connecting through these routers; those are different things!

Can Windows also create these L2L tunnels?

Regards

Following the examples, I ended up with the config file below (Cisco 1801), which still doesn't accept VPN connections. Can anyone point out a bug?

    hostname nignet_router
    !
    banner exec #
    ---------------------
    -EXEC mode - welcome-
    ---------------------
    #
    !
    banner login #
    -------------------------------------------------------
    -LOGIN - Remember! We'll catch you. Anywhere. Anytime.-
    -------------------------------------------------------
    #
    !
    boot-start-marker
    boot system flash c180x-advipservicesk9-mz.124-15.T8.bin
    boot-end-marker
    !
    ip dhcp excluded-address 10.10.10.1 10.10.10.4
    !
    ip dhcp pool dhcp_pool_1
     import all
     network 10.10.10.0 255.255.255.0
     default-router 10.10.10.1
    !
    ip domain name nignet.dynalias.net
    !
    username admin privilege 15 secret 5 $1$rvh2$qTdtZ4umU0FDyKdU7lV7k1
    !
    interface FastEthernet0
     description $ES_WAN$$FW_OUTSIDE$
     ip address dhcp client-id FastEthernet0
     no ip redirects
     no ip unreachables
     no ip proxy-arp
     ip nat outside
     ip virtual-reassembly
     ip route-cache flow
     duplex auto
     speed auto
     crypto map L2TP-IPSEC-MAP
    !
    interface FastEthernet1
    !
    interface FastEthernet2
    !
    interface FastEthernet3
    !
    interface FastEthernet4
    !
    interface FastEthernet5
    !
    interface FastEthernet6
    !
    interface FastEthernet7
    !
    interface FastEthernet8
    !
    interface Vlan1
     description $ETH-SW-LAUNCH$$INTF-INFO-FE 1$$ES_LAN$$FW_INSIDE$
     ip address 10.10.10.1 255.255.255.0
     no ip redirects
     no ip unreachables
     no ip proxy-arp
     ip nat inside
     ip virtual-reassembly
     ip route-cache flow
     ip tcp adjust-mss 1452
    !
    ip forward-protocol nd
    !
    ip nat inside source list 1 interface FastEthernet0 overload
    !
    logging trap debugging
    access-list 1 remark INSIDE_IF=Vlan1
    access-list 1 remark CCP_ACL Category=2
    access-list 1 permit 10.10.10.0 0.0.0.255
    no cdp run
    !
    line con 0
     transport output telnet
    line aux 0
     transport output telnet
    line vty 0 4
     privilege level 15
     transport input telnet
    line vty 5 15
     privilege level 15
     transport input telnet
    !
    scheduler allocate 4000 1000
    scheduler interval 500
    !
    crypto keyring myKeys
     pre-shared-key address 0.0.0.0 0.0.0.0 key ipsec
    !
    crypto isakmp policy 1
     encr 3des
     hash sha
     authentication pre-share
     group 2
    !
    crypto ipsec transform-set L2TP-SET ah-sha-hmac esp-3des
     mode transport
    !
    ip access-list extended L2TP-PACKET
     permit udp any eq 1701 any eq 1701
    !
    crypto dynamic-map IPSEC-DYN-MAP 1
     set transform-set L2TP-SET
     match address L2TP-PACKET
    !
    crypto map L2TP-IPSEC-MAP 1 ipsec-isakmp profile L2TP-PROFILE
     set transform-set L2TP-SET
    crypto map L2TP-IPSEC-MAP 2 ipsec-isakmp dynamic IPSEC-DYN-MAP
    !
    vpdn enable
    vpdn-group L2TP-VPDN
     accept-dialin
      protocol l2tp
      virtual-template 1
     l2tp security crypto-profile L2TP-PROFILE
     no l2tp tunnel authentication
    !
    aaa new-model
    !
    aaa authentication login local_list local
    aaa authentication ppp local_list local
    aaa authorization network local_list local
    !
    username ipsecuser password 0 ipsecpass
    !
    interface Virtual-Template 1
     ip unnumbered FastEthernet1
     peer default ip address dhcp
     ppp authentication ms-chap-v2 local_list
    !
    end

In the Microsoft document it is specific about the encryption access list format. I'm wondering if you should change it to include the host address of the router. This is the sample configuration from the Microsoft document. I put quotes around the part that I think should include the router's VPN tunnel endpoint IP address:

access-list 161 permit udp host "IOS IP Address" any eq 1701
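
Added example, not part of the thread or of any poster's configuration: Python that parses the extended ACLs referenced by `match address` and lists where each entry differs from the form quoted in the reply above. The sample config is constructed; `192.0.2.1` (a documentation address standing in for "IOS IP Address") and `EXAMPLE-MAP` are assumptions.

```python
import re

# Constructed sample: the crypto ACL from the posted config plus the numbered form
# quoted in the reply. 192.0.2.1 and EXAMPLE-MAP are placeholders, not thread values.
SAMPLE = """\
ip access-list extended L2TP-PACKET
 permit udp any eq 1701 any eq 1701
access-list 161 permit udp host 192.0.2.1 any eq 1701
crypto dynamic-map IPSEC-DYN-MAP 1
 match address L2TP-PACKET
crypto map EXAMPLE-MAP 10 ipsec-isakmp
 match address 161
"""

def endpoint(tok):
    """Consume 'any' | 'host A' | 'A WILDCARD', then an optional 'eq PORT'."""
    head = tok.pop(0)
    addr = head if head == "any" else head + " " + tok.pop(0)
    port = tok[1] if tok[:1] == ["eq"] else None
    del tok[:2 if port else 0]  # drop 'eq PORT' when present
    return addr, port

def entry(text):
    tok = text.split()
    return (tok.pop(0), tok.pop(0), *endpoint(tok), *endpoint(tok))

def parse_acls(config):
    """Return {name: [(action, proto, src, sport, dst, dport)]}, extended ACLs only."""
    acls, current = {}, None
    for line in (raw.strip() for raw in config.splitlines()):
        if m := re.match(r"ip access-list extended (\S+)$", line):
            current = m.group(1)
        elif m := re.match(r"access-list (1\d\d|2[0-6]\d\d) ((?:permit|deny) .+)$", line):
            acls.setdefault(m.group(1), []).append(entry(m.group(2)))
        elif current and re.match(r"(permit|deny) ", line):
            acls.setdefault(current, []).append(entry(line))
        elif line:
            current = None  # any other command ends the named ACL block
    return acls

def review_crypto_acls(config):
    """Per ACL used by 'match address': differences from the reply's quoted form."""
    acls, findings = parse_acls(config), {}
    for name in re.findall(r"^\s*match address (\S+)", config, re.M):
        for _, proto, src, sport, _, dport in acls.get(name, []):
            checks = [(src.startswith("host "), f"source is '{src}', not a host address"),
                      (sport is None, f"source port restricted to {sport}"),
                      ((proto, dport) == ("udp", "1701"), "not udp to port 1701")]
            findings.setdefault(name, []).extend(msg for ok, msg in checks if not ok)
    return findings
```

Calling `review_crypto_acls()` on the text of a saved running-config returns an empty list for an ACL that already has the quoted shape and a list of differences otherwise; it reports differences only and does not decide whether they explain a failed connection.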