Cisco Support Community
Community Member

L2TP w/IPSEC Cisco 7200s.

I am at a deadlock. I am trying to configure two 7200 routers to establish an L2TP w/IPSEC tunnel between each other. I have one router configured as an LNS and the other as a LAC. I want this to be a constant connection. Any sample configurations or thoughts will always be appreciated.

5 REPLIES

Re: L2TP w/IPSEC Cisco 7200s.

You can try this link. Although the doc is from 2006, it is the only one in the config example list, and it should provide some guidance.

L2TP over IPsec

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080093f6f.shtml

http://www.cisco.com/en/US/tech/tk583/tk372/tech_configuration_examples_list.html

Community Member

Re: L2TP w/IPSEC Cisco 7200s.

I actually used those configuration templates, but I did not have any luck.

Re: L2TP w/IPSEC Cisco 7200s.

Have you tried debugging the session, as in the same link above?

terminal monitor

logging monitor 7

debug crypto ipsec

debug crypto isakmp

debug vpnd error

Community Member

Re: L2TP w/IPSEC Cisco 7200s.

I tried those but no events.

Community Member

Re: L2TP w/IPSEC Cisco 7200s.

Here is the LNS

TEST_ROUTER_C#show run

Building configuration...

Current configuration : 1487 bytes

!

version 12.3

service timestamps debug uptime

service timestamps log uptime

no service password-encryption

!

hostname TEST_ROUTER_C

!

boot-start-marker

boot-end-marker

!

enable secret 5 $1$jEDN$N9YFPYJjqSeIlQPRqU978.

!

mmi polling-interval 60

no mmi auto-configure

no mmi pvc

mmi snmp-timeout 180

no aaa new-model

ip subnet-zero

!

!

!

ip cef

ip audit po max-events 100

vpdn enable

vpdn search-order domain

!

vpdn-group 1

request-dialin

protocol l2tp

domain test.com

initiate-to ip 192.168.50.1

local name LAC

!

!

!

username LAC password 0 hello

username LNS password 0 hello

!

!

!

!

crypto isakmp policy 1

authentication pre-share

group 2

lifetime 3600

crypto isakmp key cisco address 192.168.50.1

!

!

crypto ipsec transform-set testtrans esp-des

!

crypto map l2tpmap 10 ipsec-isakmp

set peer 192.168.50.1

set transform-set testtrans

match address 101

!

!

!

interface FastEthernet0

ip address 192.168.50.2 255.255.255.252

no ip route-cache cef

no ip route-cache

no ip mroute-cache

speed auto

crypto map l2tpmap

!

interface Serial0

ip unnumbered FastEthernet0

encapsulation ppp

no fair-queue

ppp authentication chap

!

interface Serial1

no ip address

no fair-queue

!

ip local pool my_pool 10.31.1.100 10.31.1.110

ip classless

ip route 0.0.0.0 0.0.0.0 Serial0

no ip http server

no ip http secure-server

!

!

access-list 101 permit udp host 192.168.50.2 eq 1701 host 192.168.50.1 eq 1701

!

!

!

line con 0

line aux 0

line vty 0 4

password cisco

login

!

end

TEST_ROUTER_C#
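An added example, not part of the thread or of Cisco's documentation: a small Python check of the pieces a crypto-map based L2TP-over-IPsec setup depends on (map applied to an interface, a pre-shared key for each peer, a crypto ACL selecting UDP 1701) and of the transform-set's strength. The sample input is constructed from the crypto lines of the configuration posted above; the `audit` function and its finding texts are illustrative names.

```python
import re

# Constructed sample: the crypto-related lines of the configuration posted above,
# with the one-space indentation that "show run" prints for sub-commands.
SAMPLE = """\
crypto isakmp policy 1
 authentication pre-share
 group 2
crypto isakmp key cisco address 192.168.50.1
crypto ipsec transform-set testtrans esp-des
crypto map l2tpmap 10 ipsec-isakmp
 set peer 192.168.50.1
 set transform-set testtrans
 match address 101
interface FastEthernet0
 ip address 192.168.50.2 255.255.255.252
 crypto map l2tpmap
access-list 101 permit udp host 192.168.50.2 eq 1701 host 192.168.50.1 eq 1701
"""

def audit(config):
    """Return a list of findings; audit() and its messages are illustrative."""
    def found(pattern):
        return re.findall(pattern, config, re.M)
    findings = []
    key_peers = found(r"^crypto isakmp key \S+ address (\S+)")
    applied = found(r"^ +crypto map (\S+)$")  # indented = under an interface
    acls = {}
    for num, rule in found(r"^access-list (\d+) permit (.+)$"):
        acls.setdefault(num, []).append(rule)
    for name in sorted(set(found(r"^crypto map (\S+) \d+ ipsec-isakmp"))):
        if name not in applied:
            findings.append(f"crypto map {name} is not applied to any interface")
    for peer in found(r"^ +set peer (\S+)"):
        if peer not in key_peers:
            findings.append(f"no ISAKMP pre-shared key for peer {peer}")
    for num in found(r"^ +match address (\d+)"):
        if not any("udp" in r.split() and "eq 1701" in r for r in acls.get(num, [])):
            findings.append(f"crypto ACL {num} does not select L2TP (UDP 1701)")
    for name, transforms in found(r"^crypto ipsec transform-set (\S+) (.+)$"):
        if "esp-des" in transforms.split():
            findings.append(f"transform-set {name} encrypts with single DES")
        if not re.search(r"hmac|gcm|gmac", transforms):
            findings.append(f"transform-set {name} has no integrity transform")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

On the sample, the structural checks pass and the two findings both concern the `esp-des` transform-set, which encrypts with 56-bit DES and carries no ESP authentication.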
