Mac OS X 10.4 <--- L2TP over IPSEC ---> IOS

Unanswered Question
Apr 13th, 2009
User Badges:

Hi all,

I'm trying to setup a L2TP over IPSEC vpn between a Mac OS X 10.4 host (with the Mac native vpn client) and a router running IOS (UC520).

The configuration I wrote is not working. Even if I activate some debug (ppp authentication, l2x error, l2x events, vpdn events, etc.) I don't see any type of activity when I try to bring up the vpn from the Mac host.

Please see the configuration attached.

Thank you in advance,

Kind Regards - Daniele Visaggio

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Yudong Wu Tue, 04/14/2009 - 11:53
User Badges:
  • Gold, 750 points or more

From your configuration, I did not see where keyring "L2TP" is used. Therefore, no preshare key is configured.

If you still have issue, please turn on debug to see what happen.

Daniele Visaggio Thu, 04/16/2009 - 02:13
User Badges:

Kwu2, thank for the prompt reply.

In order to write the configuration you read, I saw the config example located at:

If you see this config example, you will notice that even here the crypto keyring command is only "declared" but not used by anything.

Maybe the Cisco example is wrong?

Regards - Daniele

Yudong Wu Thu, 04/16/2009 - 07:40
User Badges:
  • Gold, 750 points or more

It could be wrong.

Here is cmd ref of "crypto keyring", it should be used by isakmp profile.

Usage Guidelines

A keyring is a repository of preshared and Rivest, Shamir, and Adelman (RSA) public keys. The keyring is used in the ISAKMP profile configuration mode. The ISAKMP profile successfully completes authentication of peers if the peer keys are defined in the keyring that is attached to this profile.


The following example shows that a keyring and its usage have been defined:

crypto keyring vpnkeys

pre-shared-key address key vpnsecret

crypto isakmp profile vpnprofile

keyring vpnkeys


This Discussion