VPN - L2TP/IPSec - IOS 12.3(11)T3 - Windows XP

Discussion in 'Cisco' started by Magistrator, Feb 17, 2005.

  1. Magistrator

    Magistrator Guest

    The point here is to create a dialin configuration on a router to
    accept incoming L2TP/IPSec VPN requests.

    After much searching and experimentation I ended up with this
    configuration:

    !!!!!!!!!!!!!!!!!!!!!
    !
    !
    crypto isakmp policy 1
     authentication pre-share
     encryption des
     hash md5
     group 1
     lifetime 86400
    crypto isakmp key 0 THEKEY address 0.0.0.0 0.0.0.0
    !
    crypto ipsec transform-set myTrans esp-des esp-md5-hmac
     mode transport
    !
    crypto ipsec profile myProfile
     set transform-set myTrans
    !
    !
    vpdn enable
    !
    vpdn-group vpnTeste
    ! Default L2TP VPDN group
     accept-dialin
      protocol l2tp
      virtual-template 100
     l2tp security crypto-profile myProfile
     no l2tp tunnel authentication
     ip mtu adjust
    !
    !
    interface Virtual-Template 100
     ip address 192.168.0.254 255.255.255.0
     peer ip address forced
     peer default ip address pool myPool
     ppp lcp predictive
     ppp encrypt mppe 128
     ppp authentication ms-chap-v2
    !
    !!!!!!!!!!!!!!!!!!!!!!

    I made the following required changes on Windows XP for a L2TP/IPSec
    connection with Preshared Key Authentication:
    http://support.microsoft.com/kb/240262

    I configured the Windows XP VPN client accordingly.

    While trying to connect, I monitored the communication between my
    Windows XP and the Cisco Router.

    Windows XP tried constantly to send a L2TP - SCCRQ Control message of
    Start_Control_Request to the router. There was no kind of answer from
    the router.
    In L2TP with IPSec isn't the connection first secured with IKE
    signalling between the two ends? If so, why does Windows start with a
    L2TP control frame? Note that I selected to use the "Require
    Encryption" on XP's VPN configuration.

    At the router some debug messages showed what follows:

    : L2TP: I SCCRQ from PENELOPE tnl 3
    : Tnl 57478 L2TP: Tunnel Authorization started for host PENELOPE
    : Tnl 57478 L2TP: New tunnel created for remote PENELOPE, address 10.0.0.100
    : L2X: Tunnel author reply L2X info not found
    : Tnl 57478 L2TP: Ignoring SCCRQ, vpdn-group vpnTest requires security, however the SCCRQ was received unprotected
    : Tnl 57478 L2TP: Shutdown tunnel


    I ended up a little confused. Is this a Windows problem?
    Can anyone cast some light on this?
    Anyone tried other configurations?
    Magistrator, Feb 17, 2005
    #1
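
With L2TP/IPsec, a capture should show IKE on UDP 500 followed by ESP, with the L2TP control channel hidden inside ESP, so an SCCRQ readable on UDP 1701 is the unprotected case the router's debug output reports. The check below is an added example, not part of the original post: it decodes the L2TPv2 control header (RFC 2661) and flags control messages sent outside ESP. The function names and the sample packets are constructed for illustration.

```python
import struct

L2TP_PORT = 1701  # UDP port used by L2TP (RFC 2661)
MSG_TYPES = {1: "SCCRQ", 2: "SCCRP", 3: "SCCCN", 4: "StopCCN", 6: "HELLO"}

def parse_l2tp_control(payload):
    """Return the L2TPv2 control message name, or None if payload is not one."""
    if len(payload) < 12:
        return None
    flags, length = struct.unpack_from("!HH", payload, 0)
    # Control messages set the T, L and S bits; the low four bits are version 2.
    if (flags & 0xC800) != 0xC800 or (flags & 0x000F) != 2:
        return None
    if length < 12 or length > len(payload):
        return None
    if length == 12:
        return "ZLB"  # zero-length-body acknowledgement
    if length < 20:
        return None
    # The first AVP must be Message Type: vendor 0, attribute 0, 16-bit value.
    avp_hdr, vendor, attr, value = struct.unpack_from("!HHHH", payload, 12)
    if (avp_hdr & 0x03FF) != 8 or vendor != 0 or attr != 0:
        return None
    return MSG_TYPES.get(value, "type-%d" % value)

def cleartext_l2tp(packets):
    """packets: list of (ip_protocol, udp_dst_port, payload).
    Return (index, message) for each L2TP control message seen outside ESP."""
    findings = []
    for i, (proto, dport, payload) in enumerate(packets):
        if proto == 17 and dport == L2TP_PORT:
            name = parse_l2tp_control(payload)
            if name:
                findings.append((i, name))
    return findings

# Constructed sample: minimal SCCRQ (header plus Message Type AVP only).
SCCRQ = struct.pack("!HHHHHH", 0xC802, 20, 0, 0, 0, 0) + struct.pack("!HHHH", 0x8008, 0, 0, 1)
# Constructed capture: IKE on UDP/500, one ESP packet (IP protocol 50), then cleartext L2TP.
SAMPLE = [(17, 500, b"\x00" * 28), (50, None, b"\x00" * 40), (17, L2TP_PORT, SCCRQ)]

if __name__ == "__main__":
    for index, name in cleartext_l2tp(SAMPLE):
        print("packet %d: unprotected L2TP %s on UDP/%d" % (index, name, L2TP_PORT))
```

Feed it tuples extracted from a capture taken on the client side of the router; any finding means the client sent L2TP without an IPsec security association in place.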

  2. Magistrator

    liminas_LT Guest

    What about success with this crazy stuff?
    liminas_LT, Mar 18, 2005
    #2

  3. Magistrator

    Lynne

    Joined:
    Jan 24, 2008
    Messages:
    2
    Did you ever figure this out?

    I am struggling with the exact same issue.

    Did you ever figure this out?

    thanks,

    Lynne
    Lynne, Jan 24, 2008
    #3
  4. Magistrator

    Lynne

    Joined:
    Jan 24, 2008
    Messages:
    2
    Did you ever figure this out

    I have the exact same problem.

    Did you ever figure this out?

    thanks,

    Lynne
    Lynne, Jan 24, 2008
    #4