Saturday, June 05, 2010

L2TP over IPsec - testing configuration.

This is a configuration based on an actual customer's setup.
I keep it around for whenever I need to implement L2TP over IPsec on Cisco routers.

Spoke config 
--------------
l2tp-class l2tpclass1
!
pseudowire-class pwclass1
 encapsulation l2tpv2
 ip local interface FastEthernet0/0
! L2TPv2 control and data packets are sourced from FastEthernet0/0
! (the spoke's IPsec configuration is not part of this excerpt; it has to match the hub's crypto settings below)
!
interface Virtual-PPP10
 ip address negotiated
! the address is handed out from the hub's pool L2TPOOL
 no peer neighbor-route
 no cdp enable
 ppp authentication pap callin
 ppp pap sent-username cisco password 0 cisco
! type 0 (plaintext) PPP credentials, the same cisco/cisco pair as the hub's local username
 pseudowire 1.1.1.1 31 pw-class pwclass1
! L2TPv2 tunnel to the hub's Ethernet0/0 address 1.1.1.1, VC ID 31
!         
dialer-list 31 protocol ip permit 

! hub-side networks are reached through the tunnel
ip route 10.0.0.0 255.0.0.0 Virtual-PPP10
--------------
 
HUB config 
--------------
vpdn enable
vpdn tunnel accounting network default
vpdn session accounting network default
!
vpdn-group DialIn-L2TP/IPsec
! Default L2TP VPDN group
! accepts any L2TP dial-in; each session is cloned from Virtual-Template100
 accept-dialin
  protocol l2tp
  virtual-template 100
 lcp renegotiation on-mismatch
 no l2tp tunnel authentication
! no L2TP tunnel password: peer authentication rests on the IPsec pre-shared key alone
 l2tp tunnel timeout setup 60
 ip pmtu
!
!
! type 0 (plaintext) local credential with privilege 15; use "username ... secret" outside a lab
username cisco privilege 15 password cisco
!
crypto keyring RING
  pre-shared-key address 0.0.0.0 0.0.0.0 key cisco
! wildcard PSK "cisco" for any peer address: a lab setting, not one to keep in production
!
crypto isakmp policy 10
 encr aes 256
 authentication pre-share
 group 5
! global wildcard key (no-xauth: no extended authentication); peers matched by profile L2TP use keyring RING
crypto isakmp key cisco address 0.0.0.0 0.0.0.0 no-xauth
crypto isakmp keepalive 30 5
! main mode only: IKEv1 aggressive mode would hand a hash of the PSK to any initiator for offline cracking
crypto isakmp aggressive-mode disable
crypto isakmp profile L2TP
   description L2TP/IPsec HW Clients Profile
   keyring RING
   match identity address 0.0.0.0
!
!
crypto ipsec transform-set ICW esp-aes 256 esp-sha-hmac
 mode transport
! transport mode: ESP protects the L2TP (UDP 1701) packets exchanged between the two tunnel endpoints
crypto dynamic-map CryDynMapICW 10
 set nat demux
! L2TP/IPsec NAT transparency: lets several clients behind one NAT address connect
 set security-association lifetime kilobytes 3145728
 set transform-set ICW
 set pfs group5
 set isakmp-profile L2TP
 reverse-route
! RRI: install a static route toward each connected peer
!
!
crypto map CryMapICW local-address Ethernet0/0
crypto map CryMapICW 10 ipsec-isakmp dynamic CryDynMapICW
!
!
interface Loopback100
 description L2TP Address
 ip address 10.255.0.1 255.255.255.255
!
interface Ethernet0/0
 ip address 1.1.1.1 255.255.255.0
 crypto map CryMapICW
!
interface Virtual-Template100
 ip unnumbered Loopback100
 peer default ip address pool L2TPOOL
! the hub side borrows 10.255.0.1 from Loopback100; clients receive 5.5.5.x from L2TPOOL
 ppp chap hostname cisco
 ppp chap password 0 cisco
!
ip local pool L2TPOOL 5.5.5.1 5.5.5.254
------------------
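Before reusing this outside a lab, a few of the settings above deserve attention: the pre-shared key is the word "cisco" and is bound to the wildcard address 0.0.0.0, so any peer that knows the key can negotiate; the local username and the PPP passwords are stored as type 0 (plaintext); L2TP tunnel authentication is off, so peer authentication rests entirely on IPsec; and ISAKMP policy 10 uses DH group 5 (1536-bit MODP), which is below the 2048-bit group 14 generally recommended today. The spoke excerpt also contains only the L2TPv2/PPP side; its IPsec configuration has to mirror the hub's (main mode, AES-256 with SHA-1 HMAC, group 5, transport mode, the same key).

The following Python script is an added example, not part of the original post and not Cisco tooling: it runs a handful of regex checks over an IOS config excerpt (the hub lines above, embedded as a constructed sample) and reports those lab-only settings. The wordlist of placeholder keys, the 16-character length floor and the "below group 14 is weak" rule are my own assumptions.

```python
"""Flag lab-only settings in a Cisco IOS L2TP/IPsec hub configuration.

Added example, not from the original post or from Cisco. The regexes follow
the IOS command syntax used above; the placeholder-key wordlist, the
16-character floor and the DH-group threshold are assumptions.
"""
import re
from dataclasses import dataclass

# Constructed sample: the security-relevant lines of the hub config above.
HUB_CONFIG = """\
vpdn-group DialIn-L2TP/IPsec
 accept-dialin
  protocol l2tp
  virtual-template 100
 no l2tp tunnel authentication
username cisco privilege 15 password cisco
crypto keyring RING
  pre-shared-key address 0.0.0.0 0.0.0.0 key cisco
crypto isakmp policy 10
 encr aes 256
 authentication pre-share
 group 5
crypto isakmp key cisco address 0.0.0.0 0.0.0.0 no-xauth
crypto isakmp aggressive-mode disable
crypto isakmp profile L2TP
   keyring RING
   match identity address 0.0.0.0
crypto ipsec transform-set ICW esp-aes 256 esp-sha-hmac
 mode transport
interface Virtual-Template100
 ppp chap hostname cisco
 ppp chap password 0 cisco
"""

WEAK_KEYS = {"cisco", "cisco123", "password", "secret", "changeme"}  # assumption
WEAK_DH_GROUPS = {"1", "2", "5"}  # below 2048-bit MODP (group 14); assumption

PSK_RE = re.compile(
    r"^(?:pre-shared-key address (\S+) (\S+) key (\S+)"
    r"|crypto isakmp key (\S+) address (\S+) (\S+))"
)
PASSWORD_RE = re.compile(r"\bpassword (?:(\d+) )?(\S+)$")
DH_RE = re.compile(r"^group (\d+)$")


@dataclass(frozen=True)
class Finding:
    line: str   # offending config line, whitespace stripped
    issue: str  # what a practitioner should change


def audit(config: str) -> list[Finding]:
    """Return the lab-only settings found in an IOS config excerpt, in order."""
    findings: list[Finding] = []
    in_isakmp_policy = False
    wildcard_psk = False
    aggressive_disabled = False

    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if not raw.startswith(" "):  # a top-level command ends the previous sub-mode
            in_isakmp_policy = line.startswith("crypto isakmp policy")

        if m := PSK_RE.match(line):
            # keyring form: groups 1-3 = addr, mask, key; global form: groups 4-6 = key, addr, mask
            if m.group(1):
                addr, mask, key = m.group(1), m.group(2), m.group(3)
            else:
                addr, mask, key = m.group(5), m.group(6), m.group(4)
            if addr == "0.0.0.0" and mask == "0.0.0.0":
                wildcard_psk = True
                findings.append(Finding(line, "wildcard pre-shared key: any peer address may negotiate"))
            if key.lower() in WEAK_KEYS or len(key) < 16:
                findings.append(Finding(line, f"weak pre-shared key {key!r}"))
        elif line == "crypto isakmp aggressive-mode disable":
            aggressive_disabled = True
        elif line == "no l2tp tunnel authentication":
            findings.append(Finding(line, "L2TP tunnel authentication off; peer auth rests on IPsec alone"))
        elif line == "match identity address 0.0.0.0":
            findings.append(Finding(line, "ISAKMP profile matches any peer identity"))
        elif in_isakmp_policy and (m := DH_RE.match(line)) and m.group(1) in WEAK_DH_GROUPS:
            findings.append(Finding(line, f"DH group {m.group(1)} is below 2048-bit; use group 14 or higher"))
        elif line.startswith("ppp authentication pap"):
            findings.append(Finding(line, "PAP carries the PPP password in clear inside the tunnel; prefer CHAP"))
        elif m := PASSWORD_RE.search(line):
            ptype = m.group(1) or "0"
            if ptype == "0":
                findings.append(Finding(line, "type 0 (plaintext) credential stored in the config"))
            elif ptype == "7":
                findings.append(Finding(line, "type 7 credential is trivially reversible"))

    # A check on what is absent: a wildcard PSK is only defensible with aggressive mode off,
    # because IKEv1 aggressive mode reveals a hash of the PSK to any initiator for offline cracking.
    if wildcard_psk and not aggressive_disabled:
        findings.append(Finding("crypto isakmp aggressive-mode disable",
                                "missing: wildcard PSK with aggressive mode enabled allows offline PSK cracking"))
    return findings


if __name__ == "__main__":
    for f in audit(HUB_CONFIG):
        print(f"{f.issue:75} <- {f.line}")
```

Run as-is it prints nine findings for the hub excerpt (two wildcard keys, two weak keys, two plaintext credentials, the disabled tunnel authentication, the any-identity match and DH group 5). The last check is deliberately a check on a missing line rather than a present one: a linter that only matches lines it sees would never notice that `crypto isakmp aggressive-mode disable` had been removed from a config that still carries a wildcard PSK.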



