-
-
Save barik/1f6f4c7a505d6c29e080 to your computer and use it in GitHub Desktop.
Cisco IOS IPsec/L2TP VPN
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ! | |
| aaa new-model | |
| ! | |
| ! | |
| aaa authentication login VPN local | |
| aaa authorization network VPN local | |
| ! | |
| ! | |
| vpdn enable | |
| ! | |
| vpdn-group l2tpvpn | |
| accept-dialin | |
| protocol l2tp | |
| virtual-template 1 | |
| no l2tp tunnel authentication | |
| ! | |
| username [VPN user] password 0 [VPN password] | |
| ! | |
| crypto keyring l2tpvpn | |
| pre-shared-key address 0.0.0.0 0.0.0.0 key [pre-shared-key] | |
| ! | |
| crypto isakmp policy 1 | |
| encr 3des | |
| authentication pre-share | |
| group 2 | |
| lifetime 3600 | |
| ! | |
| crypto isakmp key [pre-shared-key] address 0.0.0.0 0.0.0.0 | |
| crypto isakmp keepalive 10 periodic | |
| ! | |
| crypto ipsec transform-set L2TP-TS esp-3des esp-sha-hmac | |
| mode transport | |
| ! | |
| crypto dynamic-map dynvpn 1 | |
| set nat demux | |
| set transform-set L2TP-TS | |
| ! | |
| crypto map CRYPTOMAP 20 ipsec-isakmp dynamic dynvpn | |
| ! | |
| interface Virtual-Template1 | |
| ip unnumbered Ethernet0.10 | |
| peer default ip address pool VPN | |
| keepalive 5 | |
| ppp authentication ms-chap-v2 | |
| ! | |
| interface Ethernet0.10 | |
| crypto map CRYPTOMAP | |
| ! | |
| ip local pool VPN 10.2.1.1 10.2.1.10 | |
| ! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment