Not strictly NSP related, but does anyone have an example of a working config for L2TP over IPSec on an ASR1K? Specifically I'm trying to get this working for client-initiated VPN on workstations/laptops which are usually behind NAT.
Below is where I'm up to. The IPSec phase 1 & 2 SAs appear to come up, but I don't see any L2TP/VPDN debug messages on the ASR1K from my Mac test machine. Also if there's a simpler way to define the crypto config so that I don't need to apply a map to the loopback, tips would be appreciated! Regards, Tom vpdn enable vpdn-group l2tp-client-vpn ! Default L2TP VPDN group accept-dialin protocol l2tp virtual-template 1 ! crypto isakmp policy 20 encr aes 256 authentication pre-share group 2 lifetime 3600 ! crypto isakmp key test address 0.0.0.0 ! crypto ipsec transform-set VPNSET-l2tp-users esp-aes 256 esp-sha-hmac mode transport ! crypto dynamic-map VPNMAP-dynamic-users 10 set transform-set VPNSET-l2tp-users ! crypto map VPNMAP-l2tp-users 10 ipsec-isakmp dynamic VPNMAP-dynamic-users ! interface Loopback0 ip address 192.0.2.1 255.255.255.255 no ip redirects ipv6 address 2001:db8::1/128 ipv6 enable no ipv6 redirects crypto map VPNMAP-l2tp-users ! interface Virtual-Template1 ip unnumbered Loopback0 peer default ip address pool l2tp-client-vpn-pool ppp authentication ms-chap _______________________________________________ cisco-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
