L2TP VPN Windows 7

johnakeating
Level 1

I want to establish a VPN from Windows 7 without any other client to a Cisco 1801.

Is L2TP the best way?

Where can I find some information for configuring it?

2 Replies

I'm trying the exact same thing - Windows 7, L2TP/IPSec, to a Cisco 1801 with IOS 12.4.

I haven't managed to configure it yet. The Windows 7/XP clients always hang in "Connecting to.."

My best guess for the config file up to now is below. Can someone point out a bug? :(

Regards

hostname nignet_router
!
banner exec #
---------------------
-EXEC mode - welcome-
---------------------
#
!
banner login #
-------------------------------------------------------
-LOGIN - Remember! We'll catch you. Anywhere. Anytime.-
-------------------------------------------------------
#
!
boot-start-marker
boot system flash c180x-advipservicesk9-mz.124-15.T8.bin
boot-end-marker
!
ip dhcp excluded-address 10.10.10.1 10.10.10.4
!
ip dhcp pool dhcp_pool_1
 import all
 network 10.10.10.0 255.255.255.0
 default-router 10.10.10.1
!
ip domain name nignet.dynalias.net
!
username admin privilege 15 secret 5 $1$rvh2$qTdtZ4umU0FDyKdU7lV7k1
!
aaa new-model
!
interface FastEthernet0
 description $ES_WAN$$FW_OUTSIDE$
 ip address dhcp client-id FastEthernet0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip virtual-reassembly
 ip route-cache flow
 duplex auto
 speed auto
 crypto map L2TP-IPSEC-MAP
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
!
interface FastEthernet5
!
interface FastEthernet6
!
interface FastEthernet7
!
interface FastEthernet8
!
interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-FE 1$$ES_LAN$$FW_INSIDE$
 ip address 10.10.10.1 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly
 ip route-cache flow
 ip tcp adjust-mss 1452
!
ip forward-protocol nd
!
ip nat inside source list 1 interface FastEthernet0 overload
!
logging trap debugging
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 10.10.10.0 0.0.0.255
no cdp run
!
line con 0
 transport output telnet
line aux 0
 transport output telnet
line vty 0 4
 privilege level 15
 transport input telnet
line vty 5 15
 privilege level 15
 transport input telnet
!
scheduler allocate 4000 1000
scheduler interval 500
!
crypto keyring myKeys
 pre-shared-key address 0.0.0.0 0.0.0.0 key ipsec
!
crypto isakmp policy 1
 encr 3des
 hash sha
 authentication pre-share
 group 2
!
crypto ipsec transform-set L2TP-SET ah-sha-hmac esp-3des
 mode transport
!
ip access-list extended L2TP-PACKET
 permit udp any eq 1701 any eq 1701
!
crypto dynamic-map IPSEC-DYN-MAP 1
 set transform-set L2TP-SET
 match address L2TP-PACKET
!
crypto map L2TP-IPSEC-MAP 1 ipsec-isakmp profile L2TP-PROFILE
 set transform-set L2TP-SET
crypto map L2TP-IPSEC-MAP 2 ipsec-isakmp dynamic IPSEC-DYN-MAP
!
vpdn enable
vpdn-group L2TP-VPDN
 accept-dialin
  protocol l2tp
  virtual-template 1
 l2tp security crypto-profile L2TP-PROFILE
 no l2tp tunnel authentication
!
aaa authentication login local_list local
aaa authentication ppp local_list local
aaa authorization network local_list local
!
username ipsecuser password 0 ipsecpass
!
interface Virtual-Template 1
 ip unnumbered FastEthernet1
 peer default ip address dhcp
 ppp authentication ms-chap-v2 local_list
!
end
