Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Mac OS X 10.4 <--- L2TP over IPSEC ---> IOS

Hi all,

I'm trying to setup a L2TP over IPSEC vpn between a Mac OS X 10.4 host (with the Mac native vpn client) and a router running IOS (UC520).

The configuration I wrote is not working. Even if I activate some debug (ppp authentication, l2x error, l2x events, vpdn events, etc.) I don't see any type of activity when I try to bring up the vpn from the Mac host.

Please see the configuration attached.

Thank you in advance,

Kind Regards - Daniele Visaggio


Re: Mac OS X 10.4 <--- L2TP over IPSEC ---> IOS

From your configuration, I did not see where keyring "L2TP" is used. Therefore, no preshare key is configured.

If you still have issue, please turn on debug to see what happen.

New Member

Re: Mac OS X 10.4 <--- L2TP over IPSEC ---> IOS

Kwu2, thank for the prompt reply.

In order to write the configuration you read, I saw the config example located at:

If you see this config example, you will notice that even here the crypto keyring command is only "declared" but not used by anything.

Maybe the Cisco example is wrong?

Regards - Daniele

Re: Mac OS X 10.4 <--- L2TP over IPSEC ---> IOS

It could be wrong.

Here is cmd ref of "crypto keyring", it should be used by isakmp profile.

Usage Guidelines

A keyring is a repository of preshared and Rivest, Shamir, and Adelman (RSA) public keys. The keyring is used in the ISAKMP profile configuration mode. The ISAKMP profile successfully completes authentication of peers if the peer keys are defined in the keyring that is attached to this profile.


The following example shows that a keyring and its usage have been defined:

crypto keyring vpnkeys

pre-shared-key address key vpnsecret

crypto isakmp profile vpnprofile

keyring vpnkeys