Velocity Reviews - Computer Hardware Reviews

VPN - L2TP/IPSec - IOS 12.3(11)T3 - Windows XP

 
 
Magistrator
Guest
Posts: n/a
 
      02-17-2005
The point here is to create a dialin configuration on a router to
accept incoming L2TP/IPSec VPN requests.

After much searching and experimentation I ended with this
configuration:

!!!!!!!!!!!!!!!!!!!!!
!
!
crypto isakmp policy 1
 authentication pre-share
 encryption des
 hash md5
 group 1
 lifetime 86400
crypto isakmp key 0 THEKEY address 0.0.0.0 0.0.0.0
!
crypto ipsec transform-set myTrans esp-des esp-md5-hmac
 mode transport
!
crypto ipsec profile myProfile
 set transform-set myTrans
!
!
vpdn enable
!
vpdn-group vpnTeste
 ! Default L2TP VPDN group
 accept-dialin
  protocol l2tp
  virtual-template 100
 l2tp security crypto-profile myProfile
 no l2tp tunnel authentication
 ip mtu adjust
!
!
interface Virtual-Template 100
 ip address 192.168.0.254 255.255.255.0
 peer ip address forced
 peer default ip address pool myPool
 ppp lcp predictive
 ppp encrypt mppe 128
 ppp authentication ms-chap-v2
!
!!!!!!!!!!!!!!!!!!!!!!

I made the following required changes on Windows XP for an L2TP/IPSec
connection with Preshared Key Authentication:
http://support.microsoft.com/kb/240262

I configured the Windows XP VPN client accordingly.

While trying to connect, I monitored the communication between my
Windows XP and the Cisco Router.

Windows XP tried constantly to send an L2TP - SCCRQ Control message of
Start_Control_Request to the router. There was no kind of answer from
the router.
In L2TP with IPSec isn't the connection first secured with IKE
signalling between the two ends? If so, why does Windows start with an
L2TP control frame? Note that I selected to use the "Require
Encryption" on XP's VPN configuration.

At the router some debug messages showed what follows:

: L2TP: I SCCRQ from PENELOPE tnl 3
: Tnl 57478 L2TP: Tunnel Authorization started for host PENELOPE
: Tnl 57478 L2TP: New tunnel created for remote PENELOPE, address 10.0.0.100
: L2X: Tunnel author reply L2X info not found
: Tnl 57478 L2TP: Ignoring SCCRQ, vpdn-group vpnTest requires security, however the SCCRQ was received unprotected
: Tnl 57478 L2TP: Shutdown tunnel


I ended up a little confused. Is this a Windows problem?
Can anyone cast some light on this?
Anyone tried other configurations?

 
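Added example, not part of the original posts: a small check that reproduces, from the client side of a capture, the condition the router reports above ("the SCCRQ was received unprotected"). It parses the L2TPv2 control header to name the message and flags L2TP on UDP 1701 that was sent with no IKE (UDP 500) exchange. The packet tuples, the sample SCCRQ bytes and all function names are constructed for illustration.

```python
import struct

# L2TPv2 control message types (RFC 2661)
L2TP_MSG = {1: "SCCRQ", 2: "SCCRP", 3: "SCCCN", 4: "StopCCN", 6: "HELLO"}

def l2tp_control_type(payload):
    """Name of the L2TPv2 control message in a UDP payload, else None."""
    if len(payload) < 20:   # 12-byte control header + 8-byte Message Type AVP
        return None
    flags = struct.unpack("!H", payload[:2])[0]
    # Control messages have the T, L and S bits set and version 2.
    if flags & 0xC800 != 0xC800 or flags & 0x000F != 2:
        return None
    _, vendor, attr, value = struct.unpack("!4H", payload[12:20])
    if vendor != 0 or attr != 0:   # the first AVP must be Message Type
        return None
    return L2TP_MSG.get(value, "type-%d" % value)

def classify(pkt):
    """pkt is (ip_protocol, udp_dst_port, udp_payload): a hypothetical capture summary."""
    proto, dport, payload = pkt
    if proto == 50:                       # ESP: L2TP, if any, is hidden inside
        return "ESP"
    if proto == 17 and dport == 500:      # IKE negotiation
        return "IKE"
    if proto == 17 and dport == 1701:     # L2TP visible on the wire = not protected
        return "L2TP-CLEAR:%s" % (l2tp_control_type(payload) or "other")
    return "OTHER"

def diagnose(packets):
    """Summarise a capture into one finding string."""
    kinds = [classify(p) for p in packets]
    clear = any(k.startswith("L2TP-CLEAR") for k in kinds)
    if clear and "IKE" not in kinds:
        return "cleartext-l2tp-no-ike"    # matches what the poster's capture showed
    if clear:
        return "cleartext-l2tp-despite-ike"
    if "IKE" in kinds and "ESP" in kinds:
        return "ike-and-esp-only"
    return "no-vpn-traffic"

# Constructed sample: SCCRQ with tunnel/session ID 0, Ns=Nr=0, Message Type AVP = 1.
SCCRQ = struct.pack("!6H", 0xC802, 20, 0, 0, 0, 0) + struct.pack("!4H", 0x8008, 0, 0, 1)

if __name__ == "__main__":
    print(diagnose([(17, 1701, SCCRQ)] * 3))
```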
 
 
 
 
liminas_LT
Guest
Posts: n/a
 
      03-18-2005
What about success with this crazy stuff?

 
 
 
 
 
Lynne
Junior Member
Join Date: Jan 2008
Posts: 2
 
      01-24-2008
I am struggling with the exact same issue.

Did you ever figure this out?

Thanks,

Lynne
 
 
Lynne
Junior Member
Join Date: Jan 2008
Posts: 2
 
      01-24-2008
I have the exact same problem.

Did you ever figure this out?

Thanks,

Lynne
 