L2TP over IPsec server

Configure L2TP IPSec VPN Server On Cisco Router
A Cisco router can be used as a VPN server, using L2TP and IPSec, for clients on the internet accessing a private network.

Below are the steps for configuring L2TP IPSec on a Cisco router:
1. Enable AAA authentication and create a user
aaa new-model
aaa authentication login default local
aaa authentication ppp default local
aaa authorization exec default local
user cisco password cisco
2. Enable VPDN and configure the VPDN group
vpdn enable
vpdn-group L2TP
! Default L2TP VPDN group
protocol l2tp
virtual-template 1
no l2tp tunnel authentication
3. Configure the authentication method. Using a pre-shared key is the best and simplest method.
crypto isakmp policy 10
encr 3des
authentication pre-share
group 2
lifetime 3600
crypto isakmp key cisco address no-xauth
crypto isakmp keepalive 3600
4. Configure IPSec
crypto ipsec transform-set ipnetconfig esp-3des esp-sha-hmac
mode transport
crypto dynamic-map ipnetconfig-map 10
set nat demux
set transform-set ipnetconfig
crypto map cisco 10 ipsec-isakmp dynamic ipnetconfig-map
interface FastEthernet0/0
ip address
duplex auto
speed auto
crypto map cisco
5. Create the Virtual-Template interface
interface Virtual-Template1
ip unnumbered FastEthernet0/0
peer default ip address pool poolipnetconfig
ppp encrypt mppe 40
ppp authentication ms-chap-v2
6. Create an IP pool for users
ip local pool poolipnetconfig
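
A check that can be run over the finished configuration, as an added example that is not part of the original post: it flags the lines from the steps above that use weak parameters (3DES for IKE and ESP, DH group 2, 40-bit MPPE, a `password` rather than `secret` user entry, a password equal to the username, a short pre-shared key). The rule names and the 20-character key threshold are assumptions of this example.

```python
import re

# Constructed sample: security-relevant lines taken from the configuration above
# (the peer address is absent on the page and is left absent here).
SAMPLE_CONFIG = """\
user cisco password cisco
crypto isakmp policy 10
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key cisco address no-xauth
crypto ipsec transform-set ipnetconfig esp-3des esp-sha-hmac
interface Virtual-Template1
 ppp encrypt mppe 40
 ppp authentication ms-chap-v2
"""

MIN_PSK_LEN = 20  # assumed policy threshold for this example, not a Cisco default

# (rule id, pattern, reason). Rule ids are names made up for this example.
RULES = [
    ("weak-ike-cipher", r"^encr(yption)?\s+3?des\b", "IKE policy uses DES/3DES"),
    ("weak-dh-group", r"^group\s+(1|2|5)$", "MODP group of 1536 bits or less"),
    ("weak-esp-cipher", r"^crypto ipsec transform-set\s+\S+.*\besp-3?des\b", "ESP uses DES/3DES"),
    ("weak-mppe", r"^ppp encrypt mppe\s+40\b", "40-bit MPPE key"),
    ("reversible-password", r"^user(name)?\s+\S+\s+password\b",
     "'password' is stored in clear or reversibly; 'secret' is hashed"),
]
USER_RE = re.compile(r"^user(?:name)?\s+(\S+)\s+(?:password|secret)\s+(?:\d\s+)?(\S+)", re.I)
PSK_RE = re.compile(r"^crypto isakmp key\s+(\S+)\s+address\b", re.I)

def audit(config):
    """Return (line number, rule id, reason) for every weak setting found."""
    findings = []
    for lineno, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        for rule_id, pattern, reason in RULES:
            if re.search(pattern, line, re.I):
                findings.append((lineno, rule_id, reason))
        user = USER_RE.match(line)
        if user and user.group(1).lower() == user.group(2).lower():
            findings.append((lineno, "password-equals-username", "trivially guessable"))
        psk = PSK_RE.match(line)
        if psk and len(psk.group(1)) < MIN_PSK_LEN:
            findings.append((lineno, "short-psk", f"pre-shared key under {MIN_PSK_LEN} chars"))
    return findings

if __name__ == "__main__":
    for lineno, rule_id, reason in audit(SAMPLE_CONFIG):
        print(f"line {lineno}: {rule_id}: {reason}")
```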

