L2TP w/IPSEC Cisco 7200s.

bcnsupport1
Level 1

I am at a deadlock. I am trying to configure two 7200 routers to establish an L2TP w/IPSEC tunnel between each other. I have one router configured as an LNS and the other as a LAC. I want this to be a constant connection. Any sample configurations or thoughts will always be appreciated.

5 Replies

JORGE RODRIGUEZ
Level 10

You can try this link. The doc is from 2006, but it is the only one in the config example list; it should provide some guidance.

L2TP over IPsec

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080093f6f.shtml

http://www.cisco.com/en/US/tech/tk583/tk372/tech_configuration_examples_list.html

Jorge Rodriguez

I actually used those configuration templates but I did not have any luck.

Have you tried debugging the session, same link above?

terminal monitor
logging monitor 7
debug crypto ipsec
debug crypto isakmp
debug vpnd error

Jorge Rodriguez

I tried those but no events.

Here is the LNS

TEST_ROUTER_C#show run
Building configuration...

Current configuration : 1487 bytes
!
version 12.3
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname TEST_ROUTER_C
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$jEDN$N9YFPYJjqSeIlQPRqU978.
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
no aaa new-model
ip subnet-zero
!
!
!
ip cef
ip audit po max-events 100
vpdn enable
vpdn search-order domain
!
vpdn-group 1
 request-dialin
  protocol l2tp
  domain test.com
 initiate-to ip 192.168.50.1
 local name LAC
!
!
!
username LAC password 0 hello
username LNS password 0 hello
!
!
!
!
crypto isakmp policy 1
 authentication pre-share
 group 2
 lifetime 3600
crypto isakmp key cisco address 192.168.50.1
!
!
crypto ipsec transform-set testtrans esp-des
!
crypto map l2tpmap 10 ipsec-isakmp
 set peer 192.168.50.1
 set transform-set testtrans
 match address 101
!
!
!
interface FastEthernet0
 ip address 192.168.50.2 255.255.255.252
 no ip route-cache cef
 no ip route-cache
 no ip mroute-cache
 speed auto
 crypto map l2tpmap
!
interface Serial0
 ip unnumbered FastEthernet0
 encapsulation ppp
 no fair-queue
 ppp authentication chap
!
interface Serial1
 no ip address
 no fair-queue
!
ip local pool my_pool 10.31.1.100 10.31.1.110
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0
no ip http server
no ip http secure-server
!
!
access-list 101 permit udp host 192.168.50.2 eq 1701 host 192.168.50.1 eq 1701
!
!
!
line con 0
line aux 0
line vty 0 4
 password cisco
 login
!
end

TEST_ROUTER_C#
