L2TP w/IPSEC Cisco 7200s.

Unanswered Question
Nov 24th, 2008

I am at a deadlock. I am trying to configure two 7200 routers to establish an L2TP w/IPSEC tunnel between each other. I have one router configured as an LNS and the other as a LAC. I want this to be a constant connection. Any sample configurations or thoughts will always be appreciated.

bcnsupport1 Tue, 11/25/2008 - 07:34

I actually used those configuration templates, but I did not have any luck.

JORGE RODRIGUEZ Tue, 11/25/2008 - 12:55

Have you tried debugging the session, same link above?

terminal monitor
logging monitor 7
debug crypto ipsec
debug crypto isakmp
debug vpdn error

bcnsupport1 Tue, 11/25/2008 - 19:08

Here is the LNS

TEST_ROUTER_C#show run
Building configuration...

Current configuration : 1487 bytes
!
version 12.3
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname TEST_ROUTER_C
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$jEDN$N9YFPYJjqSeIlQPRqU978.
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
no aaa new-model
ip subnet-zero
!
!
!
ip cef
ip audit po max-events 100
vpdn enable
vpdn search-order domain
!
vpdn-group 1
 request-dialin
  protocol l2tp
  domain test.com
 initiate-to ip 192.168.50.1
 local name LAC
!
!
!
username LAC password 0 hello
username LNS password 0 hello
!
!
!
!
crypto isakmp policy 1
 authentication pre-share
 group 2
 lifetime 3600
crypto isakmp key cisco address 192.168.50.1
!
!
crypto ipsec transform-set testtrans esp-des
!
crypto map l2tpmap 10 ipsec-isakmp
 set peer 192.168.50.1
 set transform-set testtrans
 match address 101
!
!
!
interface FastEthernet0
 ip address 192.168.50.2 255.255.255.252
 no ip route-cache cef
 no ip route-cache
 no ip mroute-cache
 speed auto
 crypto map l2tpmap
!
interface Serial0
 ip unnumbered FastEthernet0
 encapsulation ppp
 no fair-queue
 ppp authentication chap
!
interface Serial1
 no ip address
 no fair-queue
!
ip local pool my_pool 10.31.1.100 10.31.1.110
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0
no ip http server
no ip http secure-server
!
!
access-list 101 permit udp host 192.168.50.2 eq 1701 host 192.168.50.1 eq 1701
!
!
!
line con 0
line aux 0
line vty 0 4
 password cisco
 login
!
end

TEST_ROUTER_C#
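
Added example (not part of any post in this thread, and not Cisco tooling): a Python cross-check that the VPDN endpoint, crypto map peer, ISAKMP key and crypto ACL in a configuration like the one above all refer to the same L2TP peer, plus a few hardening findings. `SAMPLE` is a constructed excerpt of the posted configuration, and `audit` and its finding strings are hypothetical names.

```python
import re
# Constructed excerpt: the L2TP/IPsec lines of the configuration posted above.
SAMPLE = """\
vpdn-group 1
 initiate-to ip 192.168.50.1
username LAC password 0 hello
crypto isakmp key cisco address 192.168.50.1
crypto ipsec transform-set testtrans esp-des
crypto map l2tpmap 10 ipsec-isakmp
 set peer 192.168.50.1
 match address 101
interface FastEthernet0
 crypto map l2tpmap
access-list 101 permit udp host 192.168.50.2 eq 1701 host 192.168.50.1 eq 1701
"""

def audit(config):
    """Hypothetical helper: list findings for an L2TP-over-IPsec IOS config."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    def grab(pattern):
        return [m.group(1) for l in lines if (m := re.match(pattern, l))]
    findings = []
    peers = grab(r"set peer (\S+)")
    keyed = grab(r"crypto isakmp key \S+ address (\S+)")
    acls = grab(r"match address (\d+)")
    # The L2TP endpoint must also be the crypto map peer and have an ISAKMP key.
    for ip in grab(r"initiate-to ip (\S+)"):
        if ip not in peers:
            findings.append(f"no crypto map peer for L2TP endpoint {ip}")
        if ip not in keyed:
            findings.append(f"no ISAKMP pre-shared key for L2TP endpoint {ip}")
        # The crypto ACL must select L2TP (UDP 1701) towards that endpoint.
        if not any(l.startswith(f"access-list {a} permit udp ")
                   and f"host {ip} eq 1701" in l for l in lines for a in acls):
            findings.append(f"crypto ACL does not match UDP 1701 to {ip}")
    if not any(re.fullmatch(r"crypto map \S+", l) for l in lines):
        findings.append("crypto map is not applied to any interface")
    # Hardening findings, independent of whether the tunnel comes up.
    for transforms in grab(r"crypto ipsec transform-set \S+ (.+)"):
        if "esp-des" in transforms.split():
            findings.append("transform set encrypts with single DES (esp-des)")
        if not any(t.endswith("-hmac") for t in transforms.split()):
            findings.append("transform set has no HMAC authentication transform")
    if any(" password 0 " in l for l in lines):
        findings.append("cleartext (type 0) password stored in configuration")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

On the constructed excerpt the peer, key and ACL checks pass, so only the three hardening findings are reported.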
