[cisco-bba] L2TP?

Jabriel Tezser Jabriel at solusiakses.com
Thu Mar 31 04:20:01 EST 2005 

Hi All,
I have a problem when creating L2TP.
I've devices Cisco 3745 operated as LNS and Cisco AS5300 operated as LAC.
But when I trying connecting my windows to LAC with VPN(L2TP) connection, 
Windows can't opening tunnel from LAC, does any body can help me to solved 
this? 
Btw, how to try L2TP using windows? maybe I had misconfiguration on my 
windows :)
Thanks alot before.
Regards,
Jabriel

below my configuration:
Cisco 3745:

Building configuration...

Current configuration : 6326 bytes
!
version 12.3
service config
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname backbone-3745
!
boot-start-marker
boot system flash:c3745-jk9s-mz.123-9a.bin
boot system flash 
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 5
logging buffered 16384 debugging
enable secret 5 xxxxxxxxxxxxxx
!
username jabriel privilege 15 secret 5 xxxxxxxxxxxxxxxxxxxxxxxx
clock timezone Bangkok 7
aaa new-model
!
!
aaa authentication ppp default local
aaa session-id common
ip subnet-zero
no ip source-route
ip tcp synwait-time 10
!
!
ip domain name x.com
ip name-server x.x.3.7
!
no ip bootp server
ip cef
!
sgbp group MMPPP
vpdn enable
vpdn multihop
vpdn search-order domain  
!
vpdn-group 1
 accept-dialin
  protocol l2tp
  virtual-template 1
  l2tp tunnel password 7 xxxxxxxxxxxxxxx
!
!
interface Loopback0
 ip address 10.1.1.1 255.255.255.240
!
interface Null0
 no ip unreachables
!
interface FastEthernet0/0
 description Local Network$FW_INSIDE$$ETH-LAN$
 ip address 192.168.1.20 255.255.255.0
 ip route-cache flow
 speed 100
 full-duplex
 no cdp enable
 no mop enabled
!
interface FastEthernet0/1
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip route-cache flow
 shutdown
 duplex auto
 speed auto
 no cdp enable
 no mop enabled
!
interface Virtual-Template1
 description $FW_INSIDE$
 ip unnumbered Loopback0
 ip verify unicast reverse-path
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip route-cache flow
 peer default ip address pool CISCO
 ppp authentication chap vpdn
 ppp multilink
!
ip local pool CISCO 10.1.1.2 10.1.1.14
ip http server
ip http access-class 1
ip http authentication local
ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 10000
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.1.1
!
!
no cdp run
!
!
!
line con 0
 transport output ssh
line aux 0
 transport output ssh
line vty 0 4
 access-class 100 in
 privilege level 15
 transport input ssh
 transport output ssh
line vty 5 15
 access-class 100 in
 privilege level 15
 transport input ssh
 transport output ssh
!
scheduler allocate 4000 1000
ntp server 63.79.122.67 prefer
end

Cisco AS5300:

!
version 12.2
no parser cache
service tcp-keepalives-in
service timestamps debug datetime localtime show-timezone
service timestamps log datetime localtime show-timezone
service password-encryption
service udp-small-servers
service tcp-small-servers
!
hostname AS5300-IND
!
boot system flash 
logging buffered 16384 debugging
logging console notifications
aaa new-model
aaa authentication ppp default local
aaa authorization exec default group radius local 
aaa authorization network default group radius local 
aaa accounting delay-start
aaa accounting update periodic 1
aaa accounting exec default start-stop group radius
aaa accounting network default wait-start group radius
aaa processes 6
enable secret 5 xxxxxxxxxxxxxxxxxxxxxxxxxxxx
!
username jabriel password 7 xxxxxxxxxxxxxxxxx
!
!
resource-pool disable
!
call rsvp-sync
clock timezone US -5
clock summer-time EST recurring
ip subnet-zero
no ip source-route
ip cef
no ip domain-lookup
!
vpdn enable
vpdn multihop
vpdn search-order domain 
!
vpdn-group 1
 request-dialin
  protocol l2tp
  domain x.com
 initiate-to ip 192.168.1.20  priority 1
 local name LAC
 l2tp tunnel password 7 xxxxxxxxxxxx
!
interface Ethernet0
 no ip address
 shutdown
!
interface FastEthernet0
 ip address 192.168.1.10 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet0.1
!
ip classless
no ip http server
ip pim bidir-enable
ip rtcp report interval 10000 
!
gateway 
 resource threshold high 100 low 95
!
!
line con 0
line aux 0
line vty 0 4
 access-class 10 in
 exec-timeout 0 0
!
facility-alarm detect interface FastEthernet0
!
end




-- 
----------------------------
Jabriel A. Tezser
PT. Solusi Aksesindo Pratama
Jl. Gunawarman No. 67
Kebayoran Baru - Jakarta 12180
Phone: 62 21 739 6364
Fax: 62 21 739 8621
Mobile: 62 815 13000 370

More information about the cisco-bba mailing list