11-18-2008 03:18 AM - edited 02-21-2020 04:02 PM
Hi,
I have a PIX 501 and I have to allow a customer to connect via VPN with L2TP and a client under Windows XP.
This is the relevant part of the configuration:
ip local pool L2TPClient A.B.C.D mask 255.255.255.255
sysopt connection permit-ipsec
sysopt connection permit-l2tp
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set TRANS_ESP_3DES_MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set TRANS_ESP_3DES_MD5 mode transport
crypto dynamic-map outside_dyn_map 20 match address outside_cryptomap_dyn_20
vpdn group L2TPgrp accept dialin l2tp
vpdn group L2TPgrp ppp authentication pap
vpdn group L2TPgrp ppp authentication chap
vpdn group L2TPgrp ppp authentication mschap
vpdn group L2TPgrp client configuration address local L2TPClient
vpdn group L2TPgrp client configuration dns X.Y.Z.T
vpdn group L2TPgrp client authentication local
vpdn group L2TPgrp l2tp tunnel hello 60
vpdn username pippo password *********
vpdn enable outside
It happens that, when I try to connect using an XP client and a modem connection with no firewall, I have:
PPTP: soc select returns rd mask = 0x4
PPTP: new peer fd is 3
Tnl 6 PPTP: Tunnel created; peer initiated
PPTP: created tunnel, id = 6
PPTP: cc waiting for input, max soc fd = 3
PPTP: soc select returns rd mask = 0x8
PPTP: cc rcvdata, socket fd=3, new_conn: 0
PPTP: cc rcv 156 bytes of data
Tnl 6 PPTP: CC I
009c00011a2b3c4d0001000001000000000000010000000100000a280000000
0000000000000000000000000000000000000000000000000000000000000...
Tnl 6 PPTP: CC I SCCRQ
Tnl 6 PPTP: protocol version 0x100
Tnl 6 PPTP: framing caps 0x1
Tnl 6 PPTP: bearer caps 0x1
Tnl 6 PPTP: max channels 0
Tnl 6 PPTP: firmware rev 0xa28
Tnl 6 PPTP: hostname ""
Tnl 6 PPTP: vendor "Microsoft Windows NT"
Tnl 6 PPTP: Cannot find vpdn config for
Tnl 6 PPTP: SCCRQ-no -> state change wt-sccrq to terminal
Tnl 6 PPTP: CC O SCCRP
PPTP: cc snddata, socket fd=3, len=156, data:
009c00011a2b3c4d000200000100040000
00000300000003000012007069786669726577616c6c000000000000000000000000000000000000
0000000000...
Tnl 6 PPTP: Destroy tunnel
PPTP: cc waiting for input, max soc fd = 2
and obviously it doesn't work.
In particular, I see a
Tnl 6 PPTP: hostname ""
that is suspicious, even though everything else seems OK.
What's wrong?
Thanks and ciao
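Added example, not part of the original post and not Cisco code: a decoder for the leading bytes of the two truncated hex dumps in the debug output above, using the PPTP control-message layout from RFC 2637. It shows that the inbound message is a PPTP Start-Control-Connection-Request and that the PIX's reply carries result code 4; the constant and function names are this example's own.

```python
import struct

PPTP_MAGIC_COOKIE = 0x1A2B3C4D            # fixed value in every PPTP control message (RFC 2637)
CONTROL_TYPES = {1: "SCCRQ", 2: "SCCRP"}  # Start-Control-Connection-Request / -Reply
SCCRP_RESULTS = {1: "successful", 2: "general error", 3: "channel already exists",
                 4: "requester not authorized", 5: "protocol version not supported"}

# Leading bytes of the two hex dumps in the post; both dumps are truncated on the page.
INBOUND_HEX = "009c00011a2b3c4d0001000001000000000000010000000100000a28"  # "CC I"
OUTBOUND_HEX = "009c00011a2b3c4d0002000001000400"                          # "CC O"


def parse_pptp_control(data: bytes) -> dict:
    """Decode the 12-byte PPTP control header plus the fixed SCCRQ/SCCRP fields."""
    if len(data) < 12:
        raise ValueError("need at least the 12-byte PPTP control header")
    length, msg_type, cookie, ctrl, _reserved0 = struct.unpack("!HHIHH", data[:12])
    if cookie != PPTP_MAGIC_COOKIE:
        raise ValueError(f"magic cookie {cookie:#010x} is not PPTP")
    if msg_type != 1:
        raise ValueError(f"PPTP message type {msg_type} is not a control message")
    msg = {"declared_length": length, "captured": len(data),
           "control_type": CONTROL_TYPES.get(ctrl, f"unknown({ctrl})")}
    body = data[12:]
    if ctrl == 1 and len(body) >= 16:      # SCCRQ fixed fields before hostname/vendor
        ver, _r1, framing, bearer, max_ch, fw = struct.unpack("!HHIIHH", body[:16])
        msg.update(version=ver, framing_caps=framing, bearer_caps=bearer,
                   max_channels=max_ch, firmware_rev=fw)
    elif ctrl == 2 and len(body) >= 4:     # SCCRP: version, result code, error code
        ver, result, error = struct.unpack("!HBB", body[:4])
        msg.update(version=ver, result_code=result, error_code=error,
                   result=SCCRP_RESULTS.get(result, "unknown"))
    return msg


if __name__ == "__main__":
    for label, dump in (("CC I", INBOUND_HEX), ("CC O", OUTBOUND_HEX)):
        print(label, parse_pptp_control(bytes.fromhex(dump)))
```

The decoded fields match the values the PIX printed (protocol version 0x100, firmware rev 0xa28), so the session being debugged is a PPTP control connection, while the posted configuration defines only an L2TP vpdn group.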
11-25-2008 02:19 PM
The primary benefit of configuring L2TP with IPsec in a remote access scenario is that remote users can access a VPN over a public IP network without a gateway or a dedicated line. This enables remote access from virtually any place with POTS. An additional benefit is that the only client requirement for VPN access is the use of Windows 2000 with Microsoft Dial-Up Networking (DUN). No additional client software, such as Cisco VPN Client software, is required.