
L2TP/IPsec VPN CLIENT configuration

Posted: Mon 31 Jul 2017, 10:55 pm
by consultazione
I would like to configure a router to act as an L2TP/IPsec client.

I have tried various configurations, but it doesn't work; the tunnel gets torn down.

version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot system usbflash0:c2800nm-adventerprisek9-mz.151-4.M12a.bin
boot-end-marker
!
!
!
no aaa new-model
!
!
dot11 syslog
ip source-route
!
!
ip cef
!
!
!
no ipv6 cef
l2tp-class l2tpclass1
hidden
authentication
password ***********CHIAVE_PRE_SHARED************
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
voice-card 0
!
crypto pki token default removal timeout 0
!
!
redundancy
!
!
pseudowire-class pwclass1
encapsulation l2tpv2
protocol l2tpv2 l2tpclass1
ip local interface GigabitEthernet0/0
!
!
!
!
!
!
!
!
!
interface GigabitEthernet0/0
ip address 81.xx.xx.75 255.255.255.248
duplex auto
speed auto
!
interface GigabitEthernet0/1
no ip address
shutdown
duplex auto
speed auto


interface Virtual-PPP1
ip address negotiated
ip mtu 1460
ip flow ingress
ip flow egress
ip virtual-reassembly in
ip tcp adjust-mss 1420
ppp chap hostname ******USERNAME********
ppp chap password 0 ******PASSWORD********
pseudowire ******SERVER_VPN_IP******* 10 pw-class pwclass1
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
!
!
!
!
!
!
!
control-plane
!
!
!
!
mgcp profile default
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
login
transport input all
!
scheduler allocate 20000 1000
end

The data I have are:
- username
- password
- VPN server IP
- pre-shared key


I had made various attempts without success; this is one of the latest. I was trying to get the client (this one) to talk to the server (another router) on the same local network, without going out to the internet, to rule out external problems, but it doesn't work.

Can you give me a hand?
I can also post the VPN server configuration, which works fine; in fact I can connect from Windows PCs, Linux PCs, Android phones, etc. without problems.

Re: L2TP/IPsec VPN CLIENT configuration

Posted: Mon 31 Jul 2017, 11:11 pm
by consultazione
This is the VPN server configuration (working):
version 15.1
service timestamps debug datetime localtime
service timestamps log datetime localtime
no service password-encryption
!
hostname cisco
!
boot-start-marker
boot system flash c2800nm-adventerprisek9-mz.151-4.M12a.bin
boot-end-marker
!
!
enable secret 5 ...............................
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication ppp default local
aaa authorization exec default local
aaa authorization network default local if-authenticated
!
!
!
!
!
aaa session-id common
!
clock timezone Rome 1 0
clock summer-time Rome recurring last Sun Mar 2:00 last Sun Oct 3:00
!
dot11 syslog
ip source-route
!
!
ip cef
!
!
!
ip name-server 151.99.0.100
ip name-server 151.99.125.1
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
vpdn enable
!
vpdn-group L2TP
! Default L2TP VPDN group
accept-dialin
protocol l2tp
virtual-template 1
no l2tp tunnel authentication
!
!
!
!
!
!
!
!
voice-card 0
!
crypto pki token default removal timeout 0
!
!
!+
archive
log config
hidekeys
username YYYYYYYYYYYYY password 0 XXXXXXXXXXXXXXX


!
redundancy
!
!
!
!
crypto isakmp policy 10
encr 3des
authentication pre-share
group 2
lifetime 3600
crypto isakmp key ***********CHIAVE_PRE_SHARED**************** address 0.0.0.0 0.0.0.0 no-xauth
crypto isakmp keepalive 3600
!
!
crypto ipsec transform-set ipnetconfig esp-3des esp-sha-hmac
mode transport
!
crypto dynamic-map ipnetconfig-map 10
set nat demux
set transform-set ipnetconfig
!
!
crypto map cisco 10 ipsec-isakmp dynamic ipnetconfig-map
!
!
!
!
!
!
interface GigabitEthernet0/0
description lan interna
ip address 192.168.14.1 255.255.0.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/1
description lan pubblica
ip address 81.xx.xx.74 255.255.255.248
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
crypto map cisco
!

interface Virtual-Template1
ip unnumbered GigabitEthernet0/0
ip nat inside
ip virtual-reassembly in
peer default ip address pool poolipnetconfig
ppp encrypt mppe 40
ppp authentication ms-chap-v2
!
ip local pool poolipnetconfig 192.168.14.50 192.168.14.100
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip nat pool BB 81.xx.xx.74 81.xx.xx.74 netmask 255.255.255.248
ip nat inside source list 20 pool BB overload
ip route 0.0.0.0 0.0.0.0 81.xx.xx.73
!
access-list 20 permit 192.168.0.0 0.0.255.255
no cdp run
!
!
!
!
!
!
!
!
control-plane
!
!
!
!
mgcp profile default
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
exec-timeout 240 0
transport input none
!
scheduler allocate 20000 1000
ntp server 212.45.144.88 prefer
end



Can you give me a hand configuring a router as a VPN client for this server?
Thanks a lot