
Problem w L2TP/IPSEC vpn on ISR 1941

handshake78
Level 1

Hello,

I am trying to configure L2TP/IPSEC VPN on my 1941 router but without any luck. Easy VPN and AnyConnect are configured and work very well, but with L2TP no luck. Here is my config. When I try to connect from a Windows 7 machine it gives the following:

Feb 15 06:43:00.095: %CRYPTO-5-SESSION_STATUS: Crypto tunnel is UP  .  Peer 46.12.209.156:54970       Id: 192.168.241.137

Feb 15 06:43:35.195: %CRYPTO-5-SESSION_STATUS: Crypto tunnel is DOWN.  Peer 46.12.209.156:54970       Id: 192.168.241.137

What can be the problem?

aaa authentication login default local
aaa authentication login un-aaa local
aaa authentication login SSLVPN-LOGIN group ldap
aaa authentication ppp default local
aaa authorization exec default local
aaa authorization network un-aaa local
vpdn enable
!
vpdn-group L2TP
 ! Default L2TP VPDN group
 accept-dialin
  protocol l2tp
  virtual-template 2
 no l2tp tunnel authentication
 ip pmtu
 ip mtu adjust
crypto vpn anyconnect flash0:/webvpn/anyconnect-win-3.1.04059-k9.pkg sequence 1
!
crypto vpn anyconnect flash0:/webvpn/anyconnect-macosx-i386-3.1.04059-k9.pkg sequence 2
!
crypto vpn anyconnect flash0:/webvpn/anyconnect-linux-3.1.04059-k9.pkg sequence 3
!
crypto vpn anyconnect flash0:/webvpn/anyconnect-linux-64-3.1.04059-k9.pkg sequence 4
!
!Below is for L2TP/IPSEC
crypto isakmp policy 20
 encr 3des
 authentication pre-share
 group 2
!
!Below is for EasyVPN
crypto isakmp policy 120
 encr aes 256
 authentication pre-share
 group 2
crypto isakmp key cisco address 0.0.0.0
crypto isakmp invalid-spi-recovery
crypto isakmp keepalive 10 periodic
crypto isakmp client configuration address-pool local un-easy-vpn
crypto isakmp client configuration group comp
 key tr$#pol
 dns 192.168.0.3 192.168.0.4
 pool un-easy-vpn
 pfs
 max-users 10
 max-logins 2
!
crypto isakmp profile un-easy-vpn-profile-1
   match identity group comp
   client authentication list un-aaa
   isakmp authorization list un-aaa
   client configuration address respond
   virtual-template 120
crypto ipsec security-association idle-time 1800
!
crypto ipsec transform-set un-ipsec-trans esp-aes 256 esp-sha-hmac
 mode tunnel
crypto ipsec transform-set L2TP-TSET-AES esp-aes esp-sha-hmac
 mode transport
crypto ipsec transform-set L2TP-TSET-3DES esp-3des esp-md5-hmac
 mode transport
!
crypto ipsec profile un-ipsec-profile-1
 set transform-set un-ipsec-trans
 set isakmp-profile un-easy-vpn-profile-1
!
crypto dynamic-map L2TP-DYN-MAP 10
 set nat demux
 set transform-set L2TP-TSET-AES
crypto dynamic-map L2TP-DYN-MAP 20
 set nat demux
 set transform-set L2TP-TSET-3DES
!
crypto map L2TP-CMAP 10 ipsec-isakmp dynamic L2TP-DYN-MAP
interface Loopback2
 ip address 192.168.160.254 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 zone-member security in-zone
interface Loopback120
 description VPN Termination Point
 ip address 192.168.120.254 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 zone-member security in-zone
interface GigabitEthernet0/0
 description Interface to ISP
 ip address 19.20.189.23 255.255.255.0
 ip nat outside
 ip virtual-reassembly in max-fragments 64 max-reassemblies 1024
 ip virtual-reassembly out max-fragments 64 max-reassemblies 1024
 ip load-sharing per-packet
 zone-member security out-zone
 duplex auto
 speed auto
 no cdp enable
 crypto map L2TP-CMAP
interface Virtual-Template2
 description L2TP over IPSec Template
 ip unnumbered Loopback2
 ip nat inside
 ip virtual-reassembly in
 peer default ip address pool PPTP-POOL
 no keepalive
 ppp mtu adaptive
 ppp encrypt mppe 128 required
 ppp authentication ms-chap-v2 chap callin
!
interface Virtual-Template120 type tunnel
 description Easy vpn
 ip unnumbered Loopback120
 ip nat inside
 ip virtual-reassembly in
 zone-member security vpn
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile un-ipsec-profile-1
ip local pool un-easy-vpn 192.168.120.1 192.168.120.100
ip local pool SSLVPN 192.168.130.1 192.168.130.30
ip local pool un-guest-vpn 192.168.140.1 192.168.140.10
ip local pool PPTP-POOL 192.168.160.10 192.168.160.200

Thanks in advance!
