L2TP VPN trouble

sandman42
Level 1

Hi,

I have a PIX 501 and I have to allow a customer to connect via VPN with L2TP and a client under Windows XP.

This is the relevant part of the configuration:

ip local pool L2TPClient A.B.C.D mask 255.255.255.255

sysopt connection permit-ipsec

sysopt connection permit-l2tp

crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac

crypto ipsec transform-set TRANS_ESP_3DES_MD5 esp-3des esp-md5-hmac

crypto ipsec transform-set TRANS_ESP_3DES_MD5 mode transport

crypto dynamic-map outside_dyn_map 20 match address outside_cryptomap_dyn_20

vpdn group L2TPgrp accept dialin l2tp

vpdn group L2TPgrp ppp authentication pap

vpdn group L2TPgrp ppp authentication chap

vpdn group L2TPgrp ppp authentication mschap

vpdn group L2TPgrp client configuration address local L2TPClient

vpdn group L2TPgrp client configuration dns X.Y.Z.T

vpdn group L2TPgrp client authentication local

vpdn group L2TPgrp l2tp tunnel hello 60

vpdn username pippo password *********

vpdn enable outside

It happens that, when I try to connect using an XP client and a modem connection with no firewall, I have:

PPTP: soc select returns rd mask = 0x4

PPTP: new peer fd is 3

Tnl 6 PPTP: Tunnel created; peer initiatedPPTP: created tunnel, id = 6

PPTP: cc waiting for input, max soc fd = 3

PPTP: soc select returns rd mask = 0x8

PPTP: cc rcvdata, socket fd=3, new_conn: 0

PPTP: cc rcv 156 bytes of data

Tnl 6 PPTP: CC I

009c00011a2b3c4d0001000001000000000000010000000100000a280000000

0000000000000000000000000000000000000000000000000000000000000...

Tnl 6 PPTP: CC I SCCRQ

Tnl 6 PPTP: protocol version 0x100

Tnl 6 PPTP: framing caps 0x1

Tnl 6 PPTP: bearer caps 0x1

Tnl 6 PPTP: max channels 0

Tnl 6 PPTP: firmware rev 0xa28

Tnl 6 PPTP: hostname ""

Tnl 6 PPTP: vendor "Microsoft Windows NT"

Tnl 6 PPTP: Cannot find vpdn config for

Tnl 6 PPTP: SCCRQ-no -> state change wt-sccrq to terminal

Tnl 6 PPTP: CC O SCCRP

PPTP: cc snddata, socket fd=3, len=156, data:

009c00011a2b3c4d000200000100040000

00000300000003000012007069786669726577616c6c000000000000000000000000000000000000

0000000000...

Tnl 6 PPTP: Destroy tunnel

PPTP: cc waiting for input, max soc fd = 2

and obviously it doesn't work.

Particularly, I see a

Tnl 6 PPTP: hostname ""

that is suspicious, even though all seems OK.

What's wrong?

Thanks and ciao
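
The two hex dumps in the debug output above are PPTP control messages, and the decoder below reads their fixed fields using the RFC 2637 layout. It is an added example, not part of the original post; the hex strings are the leading bytes of the dumps as posted (assuming the wrapped lines are contiguous), and the function and constant names are illustrative.

```python
import struct

PPTP_MAGIC = 0x1A2B3C4D          # RFC 2637 magic cookie
CTRL_TYPES = {1: "SCCRQ", 2: "SCCRP"}
# Start-Control-Connection-Reply result codes (RFC 2637)
SCCRP_RESULTS = {
    1: "success",
    2: "general error",
    3: "command channel already exists",
    4: "requester not authorized to establish a command channel",
    5: "protocol version not supported",
}

# Leading bytes of the two dumps in the post (the post elides the rest with "...").
SCCRQ_HEX = "009c00011a2b3c4d0001000001000000000000010000000100000a28"
SCCRP_HEX = ("009c00011a2b3c4d000200000100040000"
             "00000300000003000012007069786669726577616c6c")


def parse_start_ctrl(hexdump: str) -> dict:
    """Decode the fixed fields of a PPTP SCCRQ/SCCRP from a possibly truncated hex dump."""
    raw = bytes.fromhex(hexdump)
    if len(raw) < 28:
        raise ValueError("need at least the 28 fixed bytes")
    (length, msg_type, magic, ctrl, _res0, version, b14, b15,
     framing, bearer, max_chan, firmware) = struct.unpack("!HHIHHHBBIIHH", raw[:28])
    if magic != PPTP_MAGIC or msg_type != 1:
        raise ValueError("not a PPTP control message")
    out = {
        "declared_len": length,
        "type": CTRL_TYPES.get(ctrl, f"unknown({ctrl})"),
        "version": hex(version),
        "framing_caps": framing, "bearer_caps": bearer,
        "max_channels": max_chan, "firmware": hex(firmware),
        # Host name is a 64-byte NUL-padded field; decode whatever the dump kept.
        "hostname": raw[28:92].split(b"\x00")[0].decode("ascii", "replace"),
    }
    if ctrl == 2:  # bytes 14-15 carry result/error codes only in the reply
        out["result"] = SCCRP_RESULTS.get(b14, f"unknown({b14})")
        out["error_code"] = b15
    return out


if __name__ == "__main__":
    for dump in (SCCRQ_HEX, SCCRP_HEX):
        print(parse_start_ctrl(dump))
```

The request decodes to the same values the debug prints (version 0x100, firmware 0xa28, empty host name), and the reply from the PIX carries result code 4 with the host name `pixfirewall`.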


sadbulali
Level 4

The primary benefit of configuring L2TP with IPsec in a remote access scenario is that remote users can access a VPN over a public IP network without a gateway or a dedicated line. This enables remote access from virtually any place with POTS. An additional benefit is that the only client requirement for VPN access is the use of Windows 2000 with Microsoft Dial-Up Networking (DUN). No additional client software, such as Cisco VPN Client software, is required.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00807213a7.shtml

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080094a5a.shtml
