VPN - L2TP/IPSec - IOS 12.3(11)T3 - Windows XP


Magistrator

2005-02-17, 5:45 pm

The point here is to create a dialin configuration on a router to
accept incoming L2TP/IPSec VPN requests.

After much searching and experimentation I ended up with this
configuration:

!!!!!!!!!!!!!!!!!!!!!
!
!
crypto isakmp policy 1
 authentication pre-share
 encryption des
 hash md5
 group 1
 lifetime 86400
crypto isakmp key 0 THEKEY address 0.0.0.0 0.0.0.0
!
crypto ipsec transform-set myTrans esp-des esp-md5-hmac
 mode transport
!
crypto ipsec profile myProfile
 set transform-set myTrans
!
!
vpdn enable
!
vpdn-group vpnTeste
 ! Default L2TP VPDN group
 accept-dialin
  protocol l2tp
  virtual-template 100
 l2tp security crypto-profile myProfile
 no l2tp tunnel authentication
 ip mtu adjust
!
!
interface Virtual-Template 100
 ip address 192.168.0.254 255.255.255.0
 peer ip address forced
 peer default ip address pool myPool
 ppp lcp predictive
 ppp encrypt mppe 128
 ppp authentication ms-chap-v2
!
!!!!!!!!!!!!!!!!!!!!!!

I made the following required changes on Windows XP for an L2TP/IPSec
connection with Preshared Key Authentication:
http://support.microsoft.com/kb/240262

I configured the Windows XP VPN client accordingly.

While trying to connect, I monitored the communication between my
Windows XP and the Cisco router.

Windows XP tried constantly to send an L2TP - SCCRQ Control message of
Start_Control_Request to the router. There was no kind of answer from
the router.
In L2TP with IPSec isn't the connection first secured with IKE
signalling between the two ends? If so, why does Windows start with an
L2TP control frame? Note that I selected to use the "Require
Encryption" on XP's VPN configuration.

At the router some debug messages showed what follows:

: L2TP: I SCCRQ from PENELOPE tnl 3
: Tnl 57478 L2TP: Tunnel Authorization started for host PENELOPE
: Tnl 57478 L2TP: New tunnel created for remote PENELOPE, address 10.0.0.100
: L2X: Tunnel author reply L2X info not found
: Tnl 57478 L2TP: Ignoring SCCRQ, vpdn-group vpnTest requires security, however the SCCRQ was received unprotected
: Tnl 57478 L2TP: Shutdown tunnel


I ended up a little confused. Is this a Windows problem?
Can anyone cast some light on this?
Anyone tried other configurations?
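
An added example, not part of the original post: a Python parser for the debug output quoted above that groups records by tunnel ID and reports tunnels whose SCCRQ the router ignored because it arrived outside IPsec. The message patterns are assumptions taken only from the lines in the post; other IOS releases may word them differently.

```python
import re

# Debug output as quoted in the post, including its wrapped lines.
SAMPLE = """\
: L2TP: I SCCRQ from PENELOPE tnl 3
: Tnl 57478 L2TP: Tunnel Authorization started for host PENELOPE
: Tnl 57478 L2TP: New tunnel created for remote PENELOPE, address
10.0.0.100
: L2X: Tunnel author reply L2X info not found
: Tnl 57478 L2TP: Ignoring SCCRQ, vpdn-group vpnTest requires
security, however the SCCRQ was received unprotected
: Tnl 57478 L2TP: Shutdown tunnel
"""

# Patterns derived only from the lines above (assumption: fixed wording).
TNL = re.compile(r"Tnl (\d+) L2TP: (.*)")
NEW = re.compile(r"New tunnel created for remote ([^,\s]+), address (\S+)")
REJECT = re.compile(r"Ignoring SCCRQ, vpdn-group (\S+) requires security, "
                    r"however the SCCRQ was received unprotected")

def unwrap(text):
    """Rejoin wrapped records; each debug record here starts with ':'."""
    records = []
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        if line.startswith(":") or not records:
            records.append(line)
        else:
            records[-1] += " " + line  # continuation of the previous record
    return records

def unprotected_sccrq(text):
    """Return tunnels whose SCCRQ was ignored for arriving outside IPsec."""
    tunnels = {}
    for record in unwrap(text):
        m = TNL.search(record)
        if not m:
            continue  # records without a tunnel ID cannot be correlated
        tid, msg = m.groups()
        t = tunnels.setdefault(tid, {"tunnel": tid, "peer": None,
                                     "address": None, "group": None,
                                     "shutdown": False})
        if (n := NEW.search(msg)):
            t["peer"], t["address"] = n.groups()
        elif (r := REJECT.search(msg)):
            t["group"] = r.group(1)  # vpdn-group that demanded protection
        elif msg.startswith("Shutdown tunnel"):
            t["shutdown"] = True
    return [t for t in tunnels.values() if t["group"]]
```

Calling `unprotected_sccrq(SAMPLE)` returns one record for tunnel 57478 with the peer name, source address and the vpdn-group that required protection.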

liminas_LT

2005-03-18, 7:45 am

What about success with this crazy stuff?


Copyright 2003 - 2008 webservertalk.com