Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1231
Views
0
Helpful
3
Replies

Mac OS X 10.4 <--- L2TP over IPSEC ---> IOS

Daniele Visaggio
Level 1
Level 1

‎04-13-2009 11:53 AM - edited ‎02-21-2020 04:12 PM

Hi all,

I'm trying to setup a L2TP over IPSEC vpn between a Mac OS X 10.4 host (with the Mac native vpn client) and a router running IOS (UC520).

The configuration I wrote is not working. Even if I activate some debug (ppp authentication, l2x error, l2x events, vpdn events, etc.) I don't see any type of activity when I try to bring up the vpn from the Mac host.

Please see the configuration attached.

Thank you in advance,

Kind Regards - Daniele Visaggio

Labels:
Preview file
2 KB
0 Helpful
3 Replies 3

Yudong Wu
Level 7
Level 7

‎04-14-2009 11:53 AM

From your configuration, I did not see where keyring "L2TP" is used. Therefore, no preshare key is configured.

If you still have issue, please turn on debug to see what happen.

0 Helpful

Daniele Visaggio
Level 1
Level 1
In response to Yudong Wu

‎04-16-2009 02:13 AM

Kwu2, thank for the prompt reply.

In order to write the configuration you read, I saw the config example located at:

http://www.cisco.com/en/US/docs/ios/security/configuration/guide/sec_l2tp_nat_pat_ps6350_TSD_Products_Configuration_Guide_Chapter.html#wp1047641

If you see this config example, you will notice that even here the crypto keyring command is only "declared" but not used by anything.

Maybe the Cisco example is wrong?

Regards - Daniele

0 Helpful

Yudong Wu
Level 7
Level 7
In response to Daniele Visaggio

‎04-16-2009 07:40 AM

It could be wrong.

Here is cmd ref of "crypto keyring", it should be used by isakmp profile.

Usage Guidelines

A keyring is a repository of preshared and Rivest, Shamir, and Adelman (RSA) public keys. The keyring is used in the ISAKMP profile configuration mode. The ISAKMP profile successfully completes authentication of peers if the peer keys are defined in the keyring that is attached to this profile.

Examples

The following example shows that a keyring and its usage have been defined:

crypto keyring vpnkeys

pre-shared-key address 10.72.23.11 key vpnsecret

crypto isakmp profile vpnprofile

keyring vpnkeys

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents