Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Attention: The Community will be in read-only mode on 12/14/2017 from 12:00 am pacific to 11:30 am.

During this time you will only be able to see content. Other interactions such as posting, replying to questions, or marking content as helpful will be disabled for few hours.

We apologize for the inconvenience while we perform important updates to the Community.

New Member

About windows 7 and 2tp/ipsec.

Hi colleagues

I have some issues about lt2p/ipsec and windows 7.

Here is my situation:

aaa authentication login default local

aaa authentication ppp default local

aaa authorization console

aaa authorization exec default local

vpdn enable


vpdn-group VPDN-L2TP

! Default L2TP VPDN group


  protocol l2tp

  virtual-template 1

lcp renegotiation on-mismatch

no l2tp tunnel authenticatio

crypto logging session


crypto isakmp policy 10

encr 3des

hash md5

authentication pre-share

group 2


crypto isakmp policy 20

encr 3des

authentication pre-share

group 2

crypto isakmp key ****** address

crypto isakmp invalid-spi-recovery

crypto isakmp keepalive 60



crypto ipsec transform-set L2TP esp-3des esp-md5-hmac

mode transport

crypto ipsec transform-set L2TP_V ah-sha-hmac esp-3des esp-sha-hmac

mode transport

crypto ipsec transform-set L2TP_7 esp-3des esp-sha-hmac

mode transport




crypto dynamic-map DYN-L2TP-MAP 10

set nat demux


crypto dynamic-map L2TP_D 10

set transform-set L2TP L2TP_V



crypto map L2TP 20 ipsec-isakmp dynamic L2TP_D






interface Loopback1

ip address

interface FastEthernet4

mac-address 0014.d110.f882

ip address *.*.*.*

ip access-group 111 out

no ip unreachables

ip nat outside

ip virtual-reassembly in

duplex auto

speed auto

crypto map L2TP


interface Virtual-Template1

ip unnumbered Loopback1

no ip route-cache

peer default ip address pool test

ppp mtu adaptive

ppp encrypt mppe 128

ppp authentication ms-chap-v2

access-list 111 deny   udp host any eq bootpc

access-list 111 deny   udp host any eq bootps

access-list 111 deny   ip any

access-list 111 permit ip any any

#sh ver

Cisco IOS Software, C880 Software (C880DATA-UNIVERSALK9-M), Version 15.2(1)T, RELEASE SOFTWARE (fc1)

Technical Support:

Copyright (c) 1986-2011 by Cisco Systems, Inc.

Compiled Fri 22-Jul-11 00:04 by prod_rel_team

ROM: System Bootstrap, Version 12.4(22r)YB5, RELEASE SOFTWARE (fc1)

* uptime is 50 minutes

System returned to ROM by reload at 11:54:35 UTC Sun Mar 4 2012

System restarted at 11:55:13 UTC Sun Mar 4 2012

System image file is "flash:c880data-universalk9-mz.152-1.T.bin"

Last reload type: Normal Reload

Last reload reason: Reload Command

With this configuration, windows XP can connect using built-in vpn client, but windows 2k8 and w7 can't.

First of all i went to google and started searching. I found many people with the same situation, but i have not found a solution.

I'll be very glad for any advice. The deadline is extremely close.

Thanks a lot!


Win 7 fails with error 788.

CreatePlease to create content