[cisco-bba] L2TP?

Dennis Peng dpeng at cisco.com
Thu Mar 31 13:59:48 EST 2005


You'll need an "accept-dialin" vpdn-group on the LAC similar to what
you have on the LNS. Also, if you are using Windows, it normally does
L2TP/IPsec. You have to change a registry setting to skip out on IPsec:

http://support.microsoft.com/default.aspx?scid=kb;en-us;q310109&sd=tech

If you still can't get it to work, take a look at the following debugs
on both the LAC and LNS, or post them here:

debug ppp negot
debug vpdn l2x-ev
debug vpdn l2x-pa
debug vpdn l2x-er

Dennis
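An added example, not from Dennis or the original poster, of the accept-dialin group Dennis describes, written for the AS5300 side of this thread; the group number, Virtual-Template1, Loopback0, the pool name and its addresses are assumptions:

```ios
! Added example, not from the thread. A Windows L2TP client is itself
! an LAC, so the AS5300 must also *accept* the tunnel the client
! initiates, alongside the request-dialin group it already has for
! forwarding users to the LNS. Group 2, Virtual-Template1, Loopback0
! and pool WINCLIENTS are assumptions.
vpdn enable
vpdn multihop
!
vpdn-group 2
 accept-dialin
  protocol l2tp
  virtual-template 1
 local name LAC
 ! Windows does not do L2TP tunnel authentication, so a tunnel
 ! password on this group would make the SCCRQ/SCCRP exchange fail.
 no l2tp tunnel authentication
!
interface Loopback0
 ip address 10.2.2.1 255.255.255.240
!
interface Virtual-Template1
 ip unnumbered Loopback0
 peer default ip address pool WINCLIENTS
 ! Windows offers MS-CHAP; plain CHAP is kept for other clients.
 ppp authentication chap ms-chap
!
ip local pool WINCLIENTS 10.2.2.2 10.2.2.14
!
! With vpdn multihop, a user who logs in as user@x.com should be
! forwarded to the LNS over the existing "domain x.com" request-dialin
! group; other users terminate on Virtual-Template1 here.
! Caveat: once IPsec is skipped on the client (the linked KB), the PPP
! authentication and all user traffic cross the wire in plain UDP/1701.
! Verify with:  show vpdn tunnel   and   show vpdn session
```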

Jabriel Tezser [Jabriel at solusiakses.com] wrote:
> Hi All,
> I have a problem when creating L2TP.
> I have a Cisco 3745 operating as LNS and a Cisco AS5300 operating as LAC.
> But when I try connecting my Windows machine to the LAC with a VPN (L2TP)
> connection, Windows can't open a tunnel from the LAC. Can anybody help me
> solve this?
> Btw, how do I try L2TP using Windows? Maybe I have a misconfiguration on my
> Windows :)
> Thanks a lot in advance.
> Regards,
> Jabriel
> 
> Below is my configuration:
> Cisco 3745:
> 
> Building configuration...
> 
> Current configuration : 6326 bytes
> !
> version 12.3
> service config
> no service pad
> service tcp-keepalives-in
> service tcp-keepalives-out
> service timestamps debug datetime msec localtime show-timezone
> service timestamps log datetime msec localtime show-timezone
> service password-encryption
> service sequence-numbers
> !
> hostname backbone-3745
> !
> boot-start-marker
> boot system flash:c3745-jk9s-mz.123-9a.bin
> boot system flash 
> boot-end-marker
> !
> security authentication failure rate 3 log
> security passwords min-length 5
> logging buffered 16384 debugging
> enable secret 5 xxxxxxxxxxxxxx
> !
> username jabriel privilege 15 secret 5 xxxxxxxxxxxxxxxxxxxxxxxx
> clock timezone Bangkok 7
> aaa new-model
> !
> !
> aaa authentication ppp default local
> aaa session-id common
> ip subnet-zero
> no ip source-route
> ip tcp synwait-time 10
> !
> !
> ip domain name x.com
> ip name-server x.x.3.7
> !
> no ip bootp server
> ip cef
> !
> sgbp group MMPPP
> vpdn enable
> vpdn multihop
> vpdn search-order domain  
> !
> vpdn-group 1
>  accept-dialin
>   protocol l2tp
>   virtual-template 1
>   l2tp tunnel password 7 xxxxxxxxxxxxxxx
> !
> !
> interface Loopback0
>  ip address 10.1.1.1 255.255.255.240
> !
> interface Null0
>  no ip unreachables
> !
> interface FastEthernet0/0
>  description Local Network$FW_INSIDE$$ETH-LAN$
>  ip address 192.168.1.20 255.255.255.0
>  ip route-cache flow
>  speed 100
>  full-duplex
>  no cdp enable
>  no mop enabled
> !
> interface FastEthernet0/1
>  no ip address
>  no ip redirects
>  no ip unreachables
>  no ip proxy-arp
>  ip route-cache flow
>  shutdown
>  duplex auto
>  speed auto
>  no cdp enable
>  no mop enabled
> !
> interface Virtual-Template1
>  description $FW_INSIDE$
>  ip unnumbered Loopback0
>  ip verify unicast reverse-path
>  no ip redirects
>  no ip unreachables
>  no ip proxy-arp
>  ip route-cache flow
>  peer default ip address pool CISCO
>  ppp authentication chap vpdn
>  ppp multilink
> !
> ip local pool CISCO 10.1.1.2 10.1.1.14
> ip http server
> ip http access-class 1
> ip http authentication local
> ip http secure-server
> ip http timeout-policy idle 600 life 86400 requests 10000
> ip classless
> ip route 0.0.0.0 0.0.0.0 192.168.1.1
> !
> !
> no cdp run
> !
> !
> !
> line con 0
>  transport output ssh
> line aux 0
>  transport output ssh
> line vty 0 4
>  access-class 100 in
>  privilege level 15
>  transport input ssh
>  transport output ssh
> line vty 5 15
>  access-class 100 in
>  privilege level 15
>  transport input ssh
>  transport output ssh
> !
> scheduler allocate 4000 1000
> ntp server 63.79.122.67 prefer
> end
> 
> Cisco AS5300:
> 
> !
> version 12.2
> no parser cache
> service tcp-keepalives-in
> service timestamps debug datetime localtime show-timezone
> service timestamps log datetime localtime show-timezone
> service password-encryption
> service udp-small-servers
> service tcp-small-servers
> !
> hostname AS5300-IND
> !
> boot system flash 
> logging buffered 16384 debugging
> logging console notifications
> aaa new-model
> aaa authentication ppp default local
> aaa authorization exec default group radius local 
> aaa authorization network default group radius local 
> aaa accounting delay-start
> aaa accounting update periodic 1
> aaa accounting exec default start-stop group radius
> aaa accounting network default wait-start group radius
> aaa processes 6
> enable secret 5 xxxxxxxxxxxxxxxxxxxxxxxxxxxx
> !
> username jabriel password 7 xxxxxxxxxxxxxxxxx
> !
> !
> resource-pool disable
> !
> call rsvp-sync
> clock timezone US -5
> clock summer-time EST recurring
> ip subnet-zero
> no ip source-route
> ip cef
> no ip domain-lookup
> !
> vpdn enable
> vpdn multihop
> vpdn search-order domain 
> !
> vpdn-group 1
>  request-dialin
>   protocol l2tp
>   domain x.com
>  initiate-to ip 192.168.1.20  priority 1
>  local name LAC
>  l2tp tunnel password 7 xxxxxxxxxxxx
> !
> interface Ethernet0
>  no ip address
>  shutdown
> !
> interface FastEthernet0
>  ip address 192.168.1.10 255.255.255.0
>  duplex auto
>  speed auto
> !
> interface FastEthernet0.1
> !
> ip classless
> no ip http server
> ip pim bidir-enable
> ip rtcp report interval 10000 
> !
> gateway 
>  resource threshold high 100 low 95
> !
> !
> line con 0
> line aux 0
> line vty 0 4
>  access-class 10 in
>  exec-timeout 0 0
> !
> facility-alarm detect interface FastEthernet0
> !
> end
> 
> -- 
> ----------------------------
> Jabriel A. Tezser
> PT. Solusi Aksesindo Pratama
> Jl. Gunawarman No. 67
> Kebayoran Baru - Jakarta 12180
> Phone: 62 21 739 6364
> Fax: 62 21 739 8621
> Mobile: 62 815 13000 370