L2TP PPP login

Cisco Security

 

L2TP over IPsec on Cisco IOS

! Enable L2TP
! - Connect VPN clients to VRF private

! Must use "password" ("secret" won't work)
username roadwarrior password 0 <removed>

aaa authentication ppp l2tp-auth local-case

ip local pool l2tp-pool 10.1.11.100 10.1.11.199

vpdn enable

interface Virtual-Template1
 ip unnumbered Loopback0
 peer default ip address pool l2tp-pool
 ppp mtu adaptive
 ppp authentication ms-chap-v2 l2tp-auth
!

vpdn-group l2tp-group
 ! Default L2TP VPDN group
 description L2TP clients
 accept-dialin
  protocol l2tp
  virtual-template 1
!
no l2tp tunnel authentication
!

! ISAKMP policy:
! - OS X offers aes 256 and 128 (but not 192)
! - SHA1 is the default hash on Cisco IOS (does not show up in config)
! - OS X doesn't offer any of the PFS groups

crypto isakmp policy 50
 encr aes 256
 authentication pre-share
 group 2
 lifetime 14400
!

! Internet is connected to VRF cable
crypto keyring l2tp-ring vrf cable
  pre-shared-key address 0.0.0.0 0.0.0.0 key <removed>
!

! IPsec policy
! - Match OS X proposal

crypto ipsec transform-set l2tp-transform esp-aes 256 esp-sha-hmac
 mode transport
!

! Require IPsec for all L2TP traffic
! 

ip access-list extended l2tp-access
 permit udp any eq 1701 any
!

crypto dynamic-map l2tp-map 10
 set nat demux
 set transform-set l2tp-transform
 match address l2tp-access
!

crypto map l2tp 10 ipsec-isakmp dynamic l2tp-map

interface Vlan6
 crypto map l2tp
!

 

http://null.53bits.co.uk/index.php?page=pppoe-initial-set-up-with-freeradius-2http://null.53bits.co.uk/index.php?page=lac-wholesale-pppoa-e-l2tp-tunnelling-with-freeradius-2http://www.gossamer-threads.com/lists/cisco/bba/182918#182918

https://supportforums.cisco.com/document/9878401/l2tp-over-ipsec-cisco-ios-router-using-windows-8

http://www.cisco.com/c/en/us/support/docs/dial-access/virtual-private-dialup-network-vpdn/9556-basic-vpdn.html

http://www.gossamer-threads.com/lists/cisco/nsp/131855

http://www.cisco.com/c/en/us/td/docs/ios/12_4t/12_4t2/pt_wnlns.htmlhttp://www.networklabs.info/2012/03/cisco-l2tp-dial-in.htmlhttps://www.marc.info/?l=cisco-nsp&m=142683826203087&w=3

L2TP over IPsec on Cisco IOS

http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/vpdn/configuration/xe-3s/vpd-xe-3s-book/vpd-cfg-nas-init-dialin-tunnels.html#GUID-5F599546-5296-4037-93CA-C284D54C9426http://www.openl2tp.org/pipermail/openl2tp-users/2011-March/000939.html

http://blogconfigs.blogspot.nl/2010/07/configure-l2tp-ipsec-vpn-server-on.html

http://www.cisco.com/c/en/us/support/docs/dial-access/virtual-private-dialup-network-vpdn/23980-l2tp-23980.html#t4

http://www.cisco.com/c/en/us/td/docs/routers/asr1000/configuration/guide/chassis/asrswcfg/scaling.html#pgfId-1121164

http://www.cisco.com/c/en/us/products/collateral/routers/asr-1000-series-aggregation-services-routers/datasheet-c78-731640.html

http://www.cisco.com/c/en/us/td/docs/security/asa/asa80/configuration/guide/conf_gd/l2tp_ips.html#wp1046219

http://windowsitpro.com/networking/pptp-vs-l2tp

https://www.ivpn.net/pptp-vs-l2tp-vs-openvpn

http://www.cisco.com/c/en/us/support/docs/dial-access/virtual-private-dialup-network-vpdn/9556-basic-vpdn.html

http://strongvpn.com/forum/viewtopic.php?id=2234

Configuring DSL (ISP & Customer Side)

https://supportforums.cisco.com/document/30416/pppoe-over-l2tp-lns-configuration-and-troubleshooting

http://www.gossamer-threads.com/lists/cisco/nsp/131855