Menu

Cisco L2TP Dial-in

To continue my previous post, another major way of connecting to the internet is L2TP/PPTP VPN,
The option of the PPTP I already covered in one of the previous post's (PPTP VPN to a Cisco router)
Now for the L2TP – to demonstrate this I used GNS3 with the same topology as the previous post,
*To download the ready GNS3 topology click here 


On Server side :

Enable VPDN and configure a group
Server(config)#vpdn enable
Server(config)#vpdn-group L2TP
Server(config-vpdn)# no l2tp tunnel authentication
Server(config-vpdn)#  lcp renegotiation always
Server(config-vpdn)# accept-dialin
Server(config-vpdn-acc-in)#  protocol l2tp
Server(config-vpdn-acc-in)#  virtual-template 1
The pool of IP's for the client
Server(config)#ip local pool MyPool 1.1.1.1 1.1.1.10
Create a user for the authentication 
Server(config)# username test password 0 qwe123
Configure the template
Server(config)#interface Virtual-Template1
Server(config-if)# ip unnumbered FastEthernet0/0
Server(config-if)# peer default ip address pool MyPool
Server(config-if)# ppp authentication pap callin
Server(config-if)# ppp mtu adaptive
Configure phase 1
Server(config)#crypto isakmp policy 5
Server(config-isakmp)# encr 3des
Server(config-isakmp)# authentication pre-share
Server(config-isakmp)# group 2
Configure phase 2
Server(config)#crypto ipsec transform-set MySet esp-3des esp-sha-hmac
Advanced tunnel settings
Server(config)#crypto dynamic-map MyMap 10
Server(config-crypto-map)# set transform-set MySet
Append the settings to a crypto map
Server(config)#crypto map L2TP-MAP 10 ipsec-isakmp dynamic MyMap
Apply the crypto map on the desired interface
Server(config)#interface FastEthernet0/0
Server(config-if)# ip address 172.20.0.1 255.255.0.0
Server(config-if)# crypto map L2TP-MAP
Now to the client :

Create the class for L2TP
Client(config)#pseudowire-class L2TPv2
Client(config)#encapsulation l2tpv2
Create the dialer
Client (config)#interface Virtual-PPP1
Client (config-if)# ip address negotiated
Client (config-if)#ip virtual-reassembly
Client (config-if)#ppp pap sent-username test password qwe123
Client (config-if)#pseudowire 172.20.0.1 2 pw-class L2TPv2
and in case of WAN access 
Client(config)# ip route 0.0.0.0 0.0.0.0 Virtual-PPP1

P.S
By default an windows XP client will not be able to connect unless we make changes to the registry and add a service  on it, To allow a client to connect anyway add the L2TP key on both sides
On the server
Server(config)# crypto isakmp key 123 address 0.0.0.0 0.0.0.0 no-xauth
On the client add it under security tab in "IPSec settings"



Hope this post was helpful, If it was please consider a donation:
BTC Address: 1CnyMpjd1RntRDxSus2hu2aDMyzL4Kj29N

LTC Address: LUqrKbzGihTU2GEnL3EwsuuLHCsxCJMdtR
By

4 comments:

  1. Anonymous24 September, 2012 14:37

    Hello,
    I tried to make a VPN L2TP as StrongVPN to make my anonymous connections. I would have preferred to use VPN IPsec, but no provider offers in reasonable price. I looking for if anyone has a configuration example of how to make an l2tp vpn client connection with cisco 880 serie. I saw that you know a PPTP and L2TP connection on Cisco router and I tell me that you could help me.
    Best regards,
    Gus

    ReplyDelete
    Replies
    1. Valentine Gutkin10 October, 2012 15:17

      Sorry but i did not understand the question,
      what is the Cisco in you'r scenario the client, the server or just the router you need to pass through ?

      I posted both client and server configuration that i tested on a Cisco 870 so basically it should work on 880 also - just make sure it's allowed by the License of the device..

      Delete
  2. hmiranda11 March, 2013 22:49

    thanks the best tutorial found on the web works perfect!!!

    Hector

    ReplyDelete
  3. Anonymous30 August, 2019 21:26

    Hi All,

    I need vpdn L2TP with nating because in client machine should ne coming my global ip because that ip address we can able access our client portal, Please you provide the configuration

    gtsreddy

    ReplyDelete

Subscribe to: Post Comments (Atom)