11-24-2008 02:53 PM - edited 02-21-2020 03:07 AM
I am at a deadlock. I am trying to configure two 7200 routers to establish an L2TP w/IPSEC tunnel between each other. I have one router configured as an LNS and the other as a LAC. I want this to be a constant connection. Any sample configurations or thoughts will always be appreciated.
11-24-2008 05:57 PM
You can try this link. Although the doc is from 2006, it is the only one in the config example list, and it should provide some guidance.
L2TP over IPsec
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080093f6f.shtml
http://www.cisco.com/en/US/tech/tk583/tk372/tech_configuration_examples_list.html
11-25-2008 07:34 AM
I actually used those configuration templates, but I did not have any luck.
11-25-2008 12:55 PM
Have you tried debugging the session, as in the same link above?
terminal monitor
logging monitor 7
debug crypto ipsec
debug crypto isakmp
debug vpnd error
11-25-2008 06:29 PM
I tried those but no events.
11-25-2008 07:08 PM
Here is the LNS
TEST_ROUTER_C#show run
Building configuration...
Current configuration : 1487 bytes
!
version 12.3
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname TEST_ROUTER_C
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$jEDN$N9YFPYJjqSeIlQPRqU978.
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
no aaa new-model
ip subnet-zero
!
!
!
ip cef
ip audit po max-events 100
vpdn enable
vpdn search-order domain
!
vpdn-group 1
 request-dialin
  protocol l2tp
  domain test.com
 initiate-to ip 192.168.50.1
 local name LAC
!
!
!
username LAC password 0 hello
username LNS password 0 hello
!
!
!
!
crypto isakmp policy 1
 authentication pre-share
 group 2
 lifetime 3600
crypto isakmp key cisco address 192.168.50.1
!
!
crypto ipsec transform-set testtrans esp-des
!
crypto map l2tpmap 10 ipsec-isakmp
 set peer 192.168.50.1
 set transform-set testtrans
 match address 101
!
!
!
interface FastEthernet0
 ip address 192.168.50.2 255.255.255.252
 no ip route-cache cef
 no ip route-cache
 no ip mroute-cache
 speed auto
 crypto map l2tpmap
!
interface Serial0
 ip unnumbered FastEthernet0
 encapsulation ppp
 no fair-queue
 ppp authentication chap
!
interface Serial1
 no ip address
 no fair-queue
!
ip local pool my_pool 10.31.1.100 10.31.1.110
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0
no ip http server
no ip http secure-server
!
!
access-list 101 permit udp host 192.168.50.2 eq 1701 host 192.168.50.1 eq 1701
!
!
!
line con 0
line aux 0
line vty 0 4
 password cisco
 login
!
end
TEST_ROUTER_C#