Configure L2TP IPSec VPN Server On Cisco Router
A Cisco router can act as a VPN server, using L2TP over IPSec, so that clients on the internet can access a private network.
Below are the steps for configuring L2TP IPSec on a Cisco router:
1. Enable AAA authentication and create a user
aaa new-model
aaa authentication login default local
aaa authentication ppp default local
aaa authorization exec default local
username cisco password cisco
2. Enable VPDN and configure a VPDN group
vpdn enable
!
vpdn-group L2TP
 ! Default L2TP VPDN group
 accept-dialin
  protocol l2tp
  virtual-template 1
 no l2tp tunnel authentication
3. Configure the authentication method. Using a pre-shared key is the best and simplest method.
crypto isakmp policy 10
 encr 3des
 authentication pre-share
 group 2
 lifetime 3600
crypto isakmp key cisco address 0.0.0.0 0.0.0.0 no-xauth
crypto isakmp keepalive 3600
4. Configure IPSec
crypto ipsec transform-set ipnetconfig esp-3des esp-sha-hmac
 mode transport
!
crypto dynamic-map ipnetconfig-map 10
 set nat demux
 set transform-set ipnetconfig
!
!
crypto map cisco 10 ipsec-isakmp dynamic ipnetconfig-map
!
interface FastEthernet0/0
 ip address 192.168.1.254 255.255.255.0
 duplex auto
 speed auto
 crypto map cisco
5. Create the Virtual-Template interface
interface Virtual-Template1
 ip unnumbered FastEthernet0/0
 peer default ip address pool poolipnetconfig
 ppp encrypt mppe 40
 ppp authentication ms-chap-v2
6. Create an IP pool for users
ip local pool poolipnetconfig 172.31.1.1 172.31.1.6
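Several values in steps 1 to 5 are weak by current standards: 3DES, DH group 2, a pre-shared key valid for any peer address, 40-bit MPPE, and the same string "cisco" used as username, password and pre-shared key. The Python script below is an added example, not part of the original post, that audits a configuration for exactly those choices. The rule list, the finding wording and the sample text are constructed for illustration.

```python
import re

# Constructed sample: the relevant statements from steps 1-5 above.
SAMPLE_CONFIG = """\
username cisco password cisco
crypto isakmp policy 10
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key cisco address 0.0.0.0 0.0.0.0 no-xauth
crypto ipsec transform-set ipnetconfig esp-3des esp-sha-hmac
 mode transport
interface Virtual-Template1
 ppp encrypt mppe 40
"""

# Per-line rules. The finding text is this example's wording, not Cisco's.
RULES = [
    (r"^(?:encr|encryption) 3?des\b", "IKE policy uses DES/3DES"),
    (r"^group [125]$", "IKE DH group is 1536-bit MODP or smaller"),
    (r"^crypto isakmp key .+ address 0\.0\.0\.0\b",
     "wildcard pre-shared key: any peer address is accepted with one secret"),
    (r"^crypto ipsec transform-set \S+ .*\besp-3?des\b", "ESP uses DES/3DES"),
    (r"^ppp encrypt mppe 40\b", "MPPE allows 40-bit keys"),
    (r"^user(?:name)? \S+ password\b", "user stored with 'password', not 'secret'"),
]
USER_RE = re.compile(r"^user(?:name)? (\S+) password (?:\d )?(\S+)")
PSK_RE = re.compile(r"^crypto isakmp key (?:\d )?(\S+) address")

def audit(config_text):
    """Return sorted (line_number, finding) tuples for weak settings."""
    findings, local_creds, psks = [], set(), []
    for number, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        findings += [(number, msg) for pat, msg in RULES if re.search(pat, line)]
        if (m := USER_RE.match(line)):
            local_creds.update(m.groups())
            if m.group(1) == m.group(2):
                findings.append((number, "password equals the username"))
        if (m := PSK_RE.match(line)):
            psks.append((number, m.group(1)))
    # Cross-line check: a group PSK that doubles as a local credential.
    findings += [(n, "pre-shared key reuses a local username or password")
                 for n, key in psks if key in local_creds]
    return sorted(findings)

if __name__ == "__main__":
    for number, finding in audit(SAMPLE_CONFIG):
        print(f"line {number}: {finding}")
```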
http://blogconfigs.blogspot.ru/2010/07/configure-l2tp-ipsec-vpn-server-on.html