
L2TP IPSec

mikntwd49508
Level 1

I have a 2811 router.

Trying to connect to customer via VPN "L2TP IPSec". Cannot connect.

How do I verify my router is allowing me to connect to customer VPN using IPSec?

6 Replies

mikntwd49508
Level 1

PS... the VPN is Windows Network connection.

Keith, you need to allow through the IPsec ports udp 500, udp 4500 and protocol 50 esp.

Create an inbound access list allowing these IPsec ports and apply the ACL to your outbound interface. Are you using the Cisco VPN client on the Windows machine, or are you using PPTP? If using PPTP, you need tcp 1723 and to allow GRE protocol 47.

HTH

Jorge

Jorge Rodriguez

Can you give me an example of what the command parameters might look like?

like: 10 permit udp any any

You can try :

access-list 101 permit udp any any eq 500 log

access-list 101 permit udp any any eq 4500 log

access-list 101 permit esp any any log

access-list 101 permit tcp any any eq 1723 log

access-list 101 permit gre any any log

Apply ACL 101 to the outbound interface:

ip access-group 101 in

If you want to be more specific with the ACL, then create one specifying the destination host.

Jorge Rodriguez

The connection properties are created in Windows. As far as I know, it's supposed to be an L2TP IPSec VPN connection. No Cisco VPN client software is being used.

OK, then omit udp 500, 4500 and the esp protocol from the above ACL. If the VPN client is the Microsoft version, it is PPTP.

Jorge Rodriguez
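
Added example, not part of the original thread: the ACL from the replies above, scoped to a single destination host and ending in an explicit permit, so it counts VPN return traffic without dropping everything else. The gateway address 203.0.113.10, the interface FastEthernet0/0 and the ACL name VPN-CHECK are assumptions; substitute your own.

```cisco
! Constructed example. 203.0.113.10 is a placeholder for the customer's VPN
! gateway and FastEthernet0/0 for the Internet-facing interface (assumptions).
ip access-list extended VPN-CHECK
 remark IKE (udp 500) and NAT-T (udp 4500) replies from the customer gateway
 permit udp host 203.0.113.10 eq 500 any log
 permit udp host 203.0.113.10 eq 4500 any log
 remark ESP, IP protocol 50
 permit esp host 203.0.113.10 any log
 remark PPTP case: tcp 1723 control channel and GRE, IP protocol 47
 permit tcp host 203.0.113.10 eq 1723 any log
 permit gre host 203.0.113.10 any log
 remark Everything else passes; without this the implicit deny drops it
 permit ip any any
!
interface FastEthernet0/0
 ip access-group VPN-CHECK in
!
! After a connection attempt from the Windows client, run from exec mode:
!   show access-lists VPN-CHECK
!   show ip interface FastEthernet0/0 | include access list
! The per-entry match counters show which VPN protocol, if any, is getting
! replies back from the customer gateway.
```

An interface holds one ACL per direction, so if FastEthernet0/0 already has an inbound ACL, add the host-specific entries to that list instead of applying this one over it.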