L2TP over IPsec on Cisco IOS Router

Posted: 15th Сентябрь 2016 by shmyak in Пингвин

Configuration on Cisco IOS router:

version 12.4

!

hostname L2TP

!

!

aaa new-model

!

!

aaa authentication ppp VPDN_AUTH local

!

!

vpdn enable

!

vpdn-group L2TP

! Default L2TP VPDN group

accept-dialin

protocol l2tp

virtual-template 1

no l2tp tunnel authentication

!

!

!

username cisco privilege 15 password 0 cisco

!

!

crypto isakmp policy 1

encr 3des

hash sha

authentication pre-share

group 2

lifetime 86400

!

!

crypto isakmp key cisco123 address 0.0.0.0 0.0.0.0

!

!

crypto ipsec transform-set L2TP-Set2 esp-3des esp-sha-hmac

mode transport

!

crypto dynamic-map dyn-map 10

set nat demux

set transform-set L2TP-Set2 L2TP-Set

!

!

crypto map outside_map 65535 ipsec-isakmp dynamic dyn-map

!

!

!

interface Loopback0

ip address 192.168.47.1 255.255.255.0

ip nat inside

ip virtual-reassembly

!

interface Loopback1

description loopback for IPsec-pool

ip address 1.1.1.11 255.255.255.255

!

interface FastEthernet0/0

ip address 47.47.47.2 255.255.255.0

ip nat outside

ip virtual-reassembly

duplex auto

speed auto

crypto map outside_map

!

!

interface Virtual-Template1

ip unnumbered Loopback1

peer default ip address pool l2tp-pool

ppp authentication ms-chap-v2 VPDN_AUTH

!

!

!

ip local pool l2tp-pool 1.1.1.1 1.1.1.10

ip route 0.0.0.0 0.0.0.0 47.47.47.1

!

ip nat inside source list NAT interface FastEthernet0/0 overload

!

ip access-list extended NAT

deny ip 192.168.47.0 0.0.0.255 1.1.1.0 0.0.0.255

permit ip 192.167.47.0 0.0.0.255 any

!

!

!

End

 

https://supportforums.cisco.com/document/9878401/l2tp-over-ipsec-cisco-ios-router-using-windows-8

Вы должны войти на сайт, чтобы оставить комментарий.