I'm struggling with getting a connection to our vpn service provider from our 2821 router. I would like to terminate the vpn on the router so I can route certain traffic through the vpn. Example info I got from our vpn provider is:
l2tp shared secret: asdfasdfasdfasfd
They support l2tp over ipsec, pptp and sstp.
From the research I have done so far, I have found that ios does not support outgoing pptp connections, and I cannot for the life of me find a working l2tp over ipsec configuration that makes sense. I do have an hwic-4esw card in the router that I am trying to make the vpn connection from, so I'm wondering if that is where i'm having the trouble....I'm also running NAT on the interfaces on this router, which could also be part of my problem.
I'm a bit confused with the LAC, LNS, client-initiated, client peer, lan to lan, etc, configurations on the Cisco site. I'm assuming that i should not be setting up my router as an LAC, but instead as a client?
Does anyone know if this even works? Or is the vpn support on an IOS router only for router to router configurations?
There are many VPN options, usually the ISPs sell MPLS.
They can also provide the L2 WAN as Frame Relay or Point-to-Point links.
You can configure L3 IPsec VPNs or IPsec/GRE, and depending what you need create a DMVPN or GETVPN.
The difference with MPLS VPNs is that the ISP is involved in the routing and the IPsec VPNs you control all the routing, they just sell the L2 path.
IPsec has the advantage of having strong encryption after the encapsulation.
L2TP only encapsulates the traffic, that's why it uses IPsec for encryption.
PPTP only encapsulates the traffic and can provide MPPE encryption.
GRE only encapsulates the traffic and uses IPsec for encryption and the advantage is that GRE can be terminated on routers.
So, if you need VPN terminated on routers and you need to protect the traffic (and to have control over it) and to encapsulate other traffic than IP and unicast, i'll think you should look for IPsec/GRE or DMVPN in case you have many sites.