10-01-2007 08:57 AM - edited 03-03-2019 06:58 PM
I have a 2811 router.
Trying to connect to customer via VPN "L2TP IPSec". Cannot connect.
How do I verify my router is allowing me to connect to customer VPN using IPSec?
10-01-2007 09:00 AM
PS... the VPN is Windows Network connection.
10-01-2007 09:43 AM
Keith, you need to allow through the IPsec ports udp 500, udp 4500 and protocol 50 esp.
Create an inbound access list allowing these IPsec ports and apply the ACL to your outbound interface. Are you using the Cisco VPN client on the Windows machine, or are you using PPTP? If using PPTP, you need tcp 1723 and to allow GRE protocol 47.
HTH
Jorge
10-01-2007 10:49 AM
Can you give me an example of what the command parameters might look like?
like: 10 permit udp any any
10-01-2007 11:06 AM
You can try:
access-list 101 permit udp any any eq 500 log
access-list 101 permit udp any any eq 4500 log
access-list 101 permit esp any any log
access-list 101 permit tcp any any eq 1723 log
access-list 101 permit gre any any log
Apply ACL 101 to the outbound interface:
ip access-group 101 in
If you want to be more specific with the ACL, then create one specifying the destination host.
10-01-2007 10:57 AM
The connection properties are created in Windows. As far as I know, it's supposed to be an L2TP IPSec VPN connection. No Cisco VPN client software is being used.
10-01-2007 11:11 AM
OK, then omit udp 500, 4500 and the esp protocol from the above ACL; if the VPN client is the Microsoft version, it is PPTP.
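For the original question of how to verify what the router allows, here is an added example (not part of the thread and not Cisco tooling) that reads ACL lines in the form posted above and reports which of the flows the thread names for IPsec and for PPTP are not permitted, using first-match order and the implicit deny at the end of an ACL. The names `REQUIRED`, `parse_acl`, `decision` and `missing` are hypothetical, the sample ACLs are constructed, and only the simple `any any` form is parsed.

```python
import re

# Flows the thread says each VPN type needs: (protocol, destination port).
REQUIRED = {
    "ipsec": [("udp", 500), ("udp", 4500), ("esp", None)],
    "pptp": [("tcp", 1723), ("gre", None)],
}

# Only the simple form used in the thread is parsed:
#   access-list <n> permit|deny <proto> any any [eq <port>] [log]
ACE = re.compile(
    r"^access-list\s+(\d+)\s+(permit|deny)\s+(\S+)\s+any\s+any"
    r"(?:\s+eq\s+(\d+))?(?:\s+log)?$"
)

def parse_acl(text, acl_id):
    """Return the ordered (action, proto, port) entries of one numbered ACL."""
    entries = []
    for line in text.splitlines():
        m = ACE.match(line.strip())
        if m and int(m.group(1)) == acl_id:
            port = int(m.group(4)) if m.group(4) else None
            entries.append((m.group(2), m.group(3).lower(), port))
    return entries

def decision(entries, proto, port):
    """First matching entry wins; no match falls to the implicit deny."""
    for action, e_proto, e_port in entries:
        if e_proto in ("ip", proto) and e_port in (None, port):
            return action
    return "deny"

def missing(entries, vpn_type):
    """Required flows of vpn_type that the ACL does not permit."""
    return [f for f in REQUIRED[vpn_type] if decision(entries, *f) != "permit"]

# Constructed sample ACLs (not taken from a real device).
FULL = """access-list 101 permit udp any any eq 500 log
access-list 101 permit udp any any eq 4500 log
access-list 101 permit esp any any log
access-list 101 permit tcp any any eq 1723 log
access-list 101 permit gre any any log"""
PPTP_ONLY = """access-list 101 permit tcp any any eq 1723 log
access-list 101 permit gre any any log"""
SHADOWED = "access-list 101 deny esp any any\naccess-list 101 permit ip any any"

if __name__ == "__main__":
    for name, acl in (("FULL", FULL), ("PPTP_ONLY", PPTP_ONLY), ("SHADOWED", SHADOWED)):
        e = parse_acl(acl, 101)
        print(name, {t: missing(e, t) for t in REQUIRED})
```

The `SHADOWED` case shows why entry order matters: a later `permit ip any any` does not rescue ESP once an earlier `deny esp any any` has matched.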