Unanswered Question
Oct 1st, 2007

I have 2811 router.

Trying to connect to customer via VPN "L2TP IPSec". Cannot connect.

How do I verify my router is allowing me to connect to customer VPN using IPSec?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4.5 (3 ratings)
JORGE RODRIGUEZ Mon, 10/01/2007 - 09:43

Keith, you need to allow through the IPsec ports udp 500, udp 4500 and protocol 50 esp.

create an inbound access list allowing these IPsect ports and apply acl to your outbound interface. Are you using Cisco vpn client on the windows machine? or are you using PPTP ? if using PPTP you need tcp 1723 and allow GRE protocol 47 .



mikntwd49508 Mon, 10/01/2007 - 10:49

Can you give me an example of what the command parameters might look like?

like: 10 permit udp any any

JORGE RODRIGUEZ Mon, 10/01/2007 - 11:06

You can try :

access-list 101 permit udp any any eq 500 log

access-list 101 permit udp any any eq 4500 log

access-list 101 permit esp any any log

access-list 101 permit tcp any any eq 1723 log

access-list 101 permit gre any any log

apply acl-101 to outbound interface

access-group 101 in

if you want to be more especific with acl then create one specifying destination host.

mikntwd49508 Mon, 10/01/2007 - 10:57

The connection properties is created in Windows. As far as I know, Its suppose to be L2TP IPSec VPN connection. No Cisco VPN client software is being used.

JORGE RODRIGUEZ Mon, 10/01/2007 - 11:11

ok then omit in above acl udp 500, 4500 and esp protoco, if vpn clinent is the mricrosoft version it is the pptp.


This Discussion