Sort of...I have tried this a few times, but it doesn't seem to initiate anything.
Here is an idea of what I want to do:

via a route-map
clients on lan1 accessing http site x-----------------2821------------l2tp over ipsec vpn------------VPN SERVICE PROVIDER

In that config it shows dialup clients, which I don't have, and so I don't understand how the 2821 can initiate the l2tp vpn?

This is the configuration I have tried, and after enabling all of the debugs I can find, I have found that it does nothing.

vpdn enable
vpdn-group 1
 request-dialin
  protocol l2tp
 initiate-to ip 200.200.200.1
!
crypto isakmp policy 1
 authentication pre-share
 group 2
 lifetime 3600
crypto isakmp key cisco address 200.200.200.1
!
crypto ipsec transform-set testtrans esp-des
!
crypto map l2tpmap 10 ipsec-isakmp
 set peer 200.200.200.1
 set transform-set testtrans
 match address 101
!
interface Ethernet0
 ip address 10.10.10.1 255.255.255.0
 ip nat inside
!
interface vlan 800
 ip address 65.65.65.1 255.255.255.224 (external interface)
 ip nat outside
 crypto map l2tpmap
!
access-list 101 permit udp host 20.1.1.1 eq 1701 host 20.1.1.2 eq 1701
!

Thanks,
Dan.

On Sun, May 30, 2010 at 1:04 AM, Sercan Aktas <[email protected]> wrote:
> Sorry, here is the link...
>
> http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080093f6f.shtml#diag
>
> -----Original Message-----
> From: [email protected]
> [mailto:[email protected]] On Behalf Of Sercan Aktas
> Sent: Sunday, May 30, 2010 9:50 AM
> To: 'Dan Letkeman
> Cc: 'cisco-nsp'
> Subject: Re: [c-nsp] ios l2tp ipsec vpn help
>
> Hi Dan,
>
> Have a look at this simple example on CCO for configuring L2TP over IPSec.
>
> I guess your router should be configured as LAC for your clients and then
> initiate a session to the LNS located at your VPN SP. Then the L2TP session
> between your router (LAC) and your provider router (LNS) should be encrypted
> using IPSec.
>
> I hope this is what you are looking for.
>
> Sercan
>
> -----Original Message-----
> From: [email protected]
> [mailto:[email protected]] On Behalf Of Dan Letkeman
> Sent: Sunday, May 30, 2010 7:38 AM
> To: cisco-nsp
> Subject: [c-nsp] ios l2tp ipsec vpn help
>
> I'm struggling with getting a connection to our vpn service provider
> from our 2821 router. I would like to terminate the vpn on the router
> so I can route certain traffic through the vpn. Example info I got
> from our vpn provider is:
>
> address: vpn.provider.com
> username: user
> password: pass
> l2tp shared secret: asdfasdfasdfasfd
>
> They support l2tp over ipsec, pptp and sstp.
>
> From the research I have done so far, I have found that ios does not
> support outgoing pptp connections, and I cannot for the life of me
> find a working l2tp over ipsec configuration that makes sense. I do
> have an hwic-4esw card in the router that I am trying to make the vpn
> connection from, so I'm wondering if that is where I'm having the
> trouble....I'm also running NAT on the interfaces on this router,
> which could also be part of my problem.
>
> I'm a bit confused with the LAC, LNS, client-initiated, client peer,
> lan to lan, etc, configurations on the Cisco site. I'm assuming that
> I should not be setting up my router as an LAC, but instead as a
> client?
>
> Does anyone know if this even works? Or is the vpn support on an IOS
> router only for router to router configurations?
>
> Thanks,
> Dan.
> _______________________________________________
> cisco-nsp mailing list [email protected]
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
> Note: The information contained in this message may be privileged and
> confidential and protected from disclosure. If the reader of this message
> is not the intended recipient, or an employee or agent responsible for
> delivering this message to the intended recipient, you are hereby notified
> that any dissemination, distribution or copying of this communication is
> strictly prohibited. If you have received this communication in error,
> please notify us immediately by replying to the message and deleting it
> from your computer. Thank you. ThruPoint Ltd.
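
An added example, not part of the original thread: a crypto map only protects traffic that its match ACL selects, so this Python check compares the ACL in the posted configuration with the configured peer and with the address of the interface that carries the crypto map. It parses only the command forms that appear in the post, and the function name `audit_l2tp_crypto_acl` is hypothetical.

```python
import re

# Constructed sample: the IPsec-relevant lines of the configuration quoted in the post.
POSTED = """\
crypto map l2tpmap 10 ipsec-isakmp
 set peer 200.200.200.1
 match address 101
interface vlan 800
 ip address 65.65.65.1 255.255.255.224
 crypto map l2tpmap
access-list 101 permit udp host 20.1.1.1 eq 1701 host 20.1.1.2 eq 1701
"""

# Only the ACL form used in the post (host-to-host UDP/1701) is parsed.
ACL_RE = re.compile(
    r"access-list (\d+) permit udp host (\S+) eq 1701 host (\S+) eq 1701$")

def audit_l2tp_crypto_acl(config):
    """Return findings for crypto ACLs that cannot match router-to-peer L2TP."""
    peers, acl_refs, acls, ifaces = set(), set(), {}, {}
    block = ""
    for raw in config.splitlines():
        line = raw.strip()
        if not raw[:1].isspace():
            block = line                      # a new top-level block starts
        m = ACL_RE.match(line)
        if m:
            acls.setdefault(m.group(1), []).append((m.group(2), m.group(3)))
        elif line.startswith("set peer "):
            peers.add(line.split()[2])
        elif line.startswith("match address "):
            acl_refs.add(line.split()[2])
        elif block.startswith("interface "):
            info = ifaces.setdefault(block, {"ip": None, "crypto": False})
            if line.startswith("ip address "):
                info["ip"] = line.split()[2]
            elif line.startswith("crypto map "):
                info["crypto"] = True
    # Assumption: L2TP is sourced from the interface that carries the crypto map.
    local = {i["ip"] for i in ifaces.values() if i["crypto"] and i["ip"]}
    findings = []
    for acl in sorted(acl_refs):
        entries = acls.get(acl, [])
        if not any(src in local and dst in peers for src, dst in entries):
            findings.append(f"ACL {acl} {entries} has no UDP/1701 entry from "
                            f"{sorted(local)} to peer {sorted(peers)}")
    return findings

if __name__ == "__main__":
    for finding in audit_l2tp_crypto_acl(POSTED):
        print(finding)
```

Run against the posted lines, it reports ACL 101, whose only entry names 20.1.1.1 and 20.1.1.2 rather than 65.65.65.1 and 200.200.200.1.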
