Cisco Support Community

New Member


I have a 2811 router.

Trying to connect to customer via VPN "L2TP IPSec". Cannot connect.

How do I verify my router is allowing me to connect to customer VPN using IPSec?

New Member

Re: L2TP IPSec

PS... the VPN is a Windows Network connection.

Re: L2TP IPSec

Keith, you need to allow through the IPsec ports UDP 500, UDP 4500 and protocol 50 (ESP).

Create an inbound access list allowing these IPsec ports and apply the ACL to your outbound interface. Are you using the Cisco VPN client on the Windows machine, or are you using PPTP? If using PPTP, you need TCP 1723 and to allow GRE (protocol 47).



New Member

Re: L2TP IPSec

Can you give me an example of what the command parameters might look like?

like: 10 permit udp any any

Re: L2TP IPSec

You can try:

access-list 101 permit udp any any eq 500 log

access-list 101 permit udp any any eq 4500 log

access-list 101 permit esp any any log

access-list 101 permit tcp any any eq 1723 log

access-list 101 permit gre any any log

Apply ACL 101 to the outbound interface:

ip access-group 101 in

If you want to be more specific with the ACL, then create one specifying the destination host.
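Because every entry in the ACL above ends in `log`, the router's syslog can answer the original "how do I verify" question. The script below is an added example, not part of the thread: it tallies permitted hits on list 101 and reports which of the ports and protocols named above have not been seen. The sample lines are constructed, their layout is assumed to follow the IOS `%SEC-6-IPACCESSLOG*` message style, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample syslog lines, modelled on IOS "%SEC-6-IPACCESSLOG*" messages
# (documentation-range addresses; not captured from a real router).
SAMPLE_LOG = """\
*Mar  1 00:10:01: %SEC-6-IPACCESSLOGP: list 101 permitted udp 192.0.2.10(500) -> 198.51.100.20(500), 1 packet
*Mar  1 00:10:02: %SEC-6-IPACCESSLOGP: list 101 permitted udp 192.0.2.10(4500) -> 198.51.100.20(4500), 3 packets
*Mar  1 00:10:05: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 192.0.2.11(49152) -> 198.51.100.30(1723), 1 packet
*Mar  1 00:10:06: %SEC-6-IPACCESSLOGRP: list 101 permitted gre 192.0.2.11 -> 198.51.100.30, 2 packets
"""

# Traffic each VPN type needs, using only the ports and protocols named in the thread.
REQUIRED = {
    "L2TP/IPsec": {"udp/500", "udp/4500", "esp"},
    "PPTP": {"tcp/1723", "gre"},
}

# Assumed message layout: list <acl> <action> <proto> <src>[(port)] -> <dst>[(port)], <n> packet(s)
LINE_RE = re.compile(
    r"%SEC-6-IPACCESSLOG\w*: list (?P<acl>\S+) (?P<action>permitted|denied) "
    r"(?P<proto>\S+) (?P<src>[\d.]+)(?:\((?P<sport>\d+)\))? -> "
    r"(?P<dst>[\d.]+)(?:\((?P<dport>\d+)\))?, (?P<count>\d+) packets?"
)
PROTO_NUMBERS = {"50": "esp", "47": "gre"}  # in case the protocol is printed as a number

def seen_traffic(log_text, acl="101"):
    """Return {"udp/500": packet_count, ...} for permitted hits on the given ACL."""
    hits = defaultdict(int)
    for m in LINE_RE.finditer(log_text):
        if m["acl"] != acl or m["action"] != "permitted":
            continue
        proto = PROTO_NUMBERS.get(m["proto"], m["proto"].lower())
        # TCP/UDP entries are keyed by destination port; other protocols by name.
        key = f"{proto}/{m['dport']}" if m["dport"] else proto
        hits[key] += int(m["count"])
    return dict(hits)

def missing_legs(log_text, vpn_type, acl="101"):
    """List the required ports/protocols for vpn_type with no permitted hit logged."""
    return sorted(REQUIRED[vpn_type] - set(seen_traffic(log_text, acl)))

if __name__ == "__main__":
    for vpn in REQUIRED:
        print(vpn, "missing:", missing_legs(SAMPLE_LOG, vpn) or "none")
```

A missing entry only means the router has not logged that traffic on this ACL; it does not by itself show where the traffic was dropped.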

New Member

Re: L2TP IPSec

The connection properties are created in Windows. As far as I know, it's supposed to be an L2TP IPSec VPN connection. No Cisco VPN client software is being used.

Re: L2TP IPSec

OK, then omit UDP 500, 4500 and the ESP protocol from the above ACL; if the VPN client is the Microsoft version, it is PPTP.