ā04-04-2013 05:32 AM
Hello,
I'm not able to find an answer on very simple question...Does Cisco 1921 router support L2TP/IpSec VPN connections? (from Windows 7 clients)
If it does could you please point me to the proper location/document where I can read more about it.
I've allready tried with the configuration below, but ppp command under Virtual-Template1 interface doesn't exits.
Thank you very much for your responses.
Regards,
Herman
##### VPN Configuration I already tried, but it didn't work #########################
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
lifetime 4000
crypto isakmp key xxxxxxx address X.X.X.X (strongvpn ip)
!
!
crypto ipsec transform-set ESP-AES256-SHA1 esp-aes 256 esp-sha-hmac
mode transport
!
crypto map L2TP-IPSEC 10 ipsec-isakmp
set peer X.X.X.X
set transform-set ESP-AES256-SHA1
match address 101
!
!
!
pseudowire-class pwclass1
encapsulation l2tpv2
ip local interface FastEthernet0/0
ip pmtu
!
!
!
!
interface FastEthernet0/0
ip address dhcp
duplex auto
speed auto
crypto map L2TP-IPSEC
!
interface FastEthernet0/1
ip address 10.20.20.1 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
interface Serial0/0/0
no ip address
shutdown
!
interface Serial0/1/0
no ip address
shutdown
clock rate 2000000
!
interface Virtual-PPP1
ip address negotiated
ip mtu 1399
ip nat outside
ip virtual-reassembly max-reassemblies 64
no cdp enable
ppp authentication ms-chap-v2 callin
ppp chap hostname vpnxxx
ppp chap password 0 xxxxxxxxxx
pseudowire X.X.X.X 1 pw-class pwclass1
##################################################################################################################
cisco-gw#show version
Cisco IOS Software, C1900 Software (C1900-UNIVERSALK9-M), Version 15.2(4)M2, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2012 by Cisco Systems, Inc.
Compiled Wed 07-Nov-12 12:45 by prod_rel_team
ROM: System Bootstrap, Version 15.0(1r)M16, RELEASE SOFTWARE (fc1)
cisco-gw uptime is 2 days, 4 hours, 22 minutes
System returned to ROM by power-on
System restarted at 09:11:07 PCTime Tue Apr 2 2013
System image file is "usbflash0:c1900-universalk9-mz.SPA.152-4.M2.bin"
Last reload type: Normal Reload
Last reload reason: power-on
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
Cisco CISCO1921/K9 (revision 1.0) with 491520K/32768K bytes of memory.
Processor board ID FCZ170793UH
2 Gigabit Ethernet interfaces
1 terminal line
1 Virtual Private Network (VPN) Module
DRAM configuration is 64 bits wide with parity disabled.
255K bytes of non-volatile configuration memory.
249840K bytes of USB Flash usbflash0 (Read/Write)
License Info:
License UDI:
-------------------------------------------------
Device# PID SN
-------------------------------------------------
*0 CISCO1921/K9
Technology Package License Information for Module:'c1900'
-----------------------------------------------------------------
Technology Technology-package Technology-package
Current Type Next reboot
------------------------------------------------------------------
ipbase ipbasek9 Permanent ipbasek9
security securityk9 Permanent securityk9
data None None None
Configuration register is 0x2102
Solved! Go to Solution.
ā04-04-2013 02:01 PM
Yes, it is supported.
There is need to configure encapsulation under virtual-template.
Note: you will have much better results using IPSec VPN client, or SSL VPN client, AnyConnect.
ā04-04-2013 02:01 PM
Yes, it is supported.
There is need to configure encapsulation under virtual-template.
Note: you will have much better results using IPSec VPN client, or SSL VPN client, AnyConnect.
ā04-05-2013 01:32 AM
Hi Paolo,
Thank you for your response.
But, problem with missing ppp and peer comand under Virtual-Template 1 interface still remains.
So, I cannot execute the following two statements below (any idea why):
peer default ip address pool default ppp authentication ms-chap
rg,
Herman
ā04-08-2013 05:59 AM
I found these two commands under Virtual-Template 2 interface, so I made some progress.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: