Mac OS X 10.4 <--- L2TP over IPSEC ---> IOS

Unanswered Question
Apr 13th, 2009

Hi all,

I'm trying to set up an L2TP over IPSEC VPN between a Mac OS X 10.4 host (with the Mac native VPN client) and a router running IOS (UC520).

The configuration I wrote is not working. Even if I activate some debugs (ppp authentication, l2x error, l2x events, vpdn events, etc.) I don't see any type of activity when I try to bring up the VPN from the Mac host.

Please see the configuration attached.

Thank you in advance,

Kind Regards - Daniele Visaggio

Yudong Wu Tue, 04/14/2009 - 11:53

From your configuration, I did not see where keyring "L2TP" is used. Therefore, no pre-shared key is configured.

If you still have an issue, please turn on debug to see what happens.

Daniele Visaggio Thu, 04/16/2009 - 02:13

Kwu2, thanks for the prompt reply.

In order to write the configuration you read, I saw the config example located at:

http://www.cisco.com/en/US/docs/ios/security/configuration/guide/sec_l2tp_nat_pat_ps6350_TSD_Products_Configuration_Guide_Chapter.html#wp1047641

If you see this config example, you will notice that even here the crypto keyring command is only "declared" but not used by anything.

Maybe the Cisco example is wrong?

Regards - Daniele

Yudong Wu Thu, 04/16/2009 - 07:40

It could be wrong.

Here is the command reference for "crypto keyring"; it should be used by an ISAKMP profile.

Usage Guidelines

A keyring is a repository of preshared and Rivest, Shamir, and Adleman (RSA) public keys. The keyring is used in the ISAKMP profile configuration mode. The ISAKMP profile successfully completes authentication of peers if the peer keys are defined in the keyring that is attached to this profile.

Examples

The following example shows that a keyring and its usage have been defined:

crypto keyring vpnkeys
 pre-shared-key address 10.72.23.11 key vpnsecret
crypto isakmp profile vpnprofile
 keyring vpnkeys
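
The check raised in this thread, as an added example that is not part of the original posts or of Cisco's documentation: a small Python audit that lists every `crypto keyring` declared in an IOS configuration and reports the ones no `crypto isakmp profile` attaches. The sample configuration is constructed for illustration (it is not the poster's attachment), and the parser assumes sub-commands are indented as in `show running-config` output.

```python
# Constructed sample config: keyring "L2TP" is declared but never attached,
# while "vpnkeys" is attached to ISAKMP profile "vpnprofile".
SAMPLE_CONFIG = """\
crypto keyring L2TP
 pre-shared-key address 0.0.0.0 0.0.0.0 key examplekey
crypto keyring vpnkeys
 pre-shared-key address 10.72.23.11 key vpnsecret
!
crypto isakmp profile vpnprofile
 keyring vpnkeys
 match identity address 10.72.23.11 255.255.255.255
!
"""


def audit_keyrings(config_text):
    """Return (declared, attached, unreferenced) for an IOS config.

    declared     -- keyring names in declaration order
    attached     -- {keyring name: [ISAKMP profiles that reference it]}
    unreferenced -- declared keyrings that no ISAKMP profile attaches
    Assumes sub-commands are indented under their parent command.
    """
    declared, attached = [], {}
    profile = None  # ISAKMP profile block currently being read, if any
    for raw in config_text.splitlines():
        if not raw.strip():
            continue
        words = raw.split()
        if not raw[0].isspace():
            # A new top-level command closes any open profile block.
            profile = None
            if words[:2] == ["crypto", "keyring"] and len(words) >= 3:
                declared.append(words[2])
            elif words[:3] == ["crypto", "isakmp", "profile"] and len(words) >= 4:
                profile = words[3]
        elif profile and words[0] == "keyring" and len(words) >= 2:
            # "keyring <name>" inside a profile attaches that keyring.
            attached.setdefault(words[1], []).append(profile)
    unreferenced = [name for name in declared if name not in attached]
    return declared, attached, unreferenced


if __name__ == "__main__":
    declared, attached, unreferenced = audit_keyrings(SAMPLE_CONFIG)
    for name in declared:
        users = ", ".join(attached.get(name, [])) or "NOT ATTACHED to any ISAKMP profile"
        print(f"keyring {name}: {users}")
```
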
