Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Cisco IOS Router with L2TP remote-access, RAIDUS authentication and Windows clients

Posted on 2014-02-16
3
Medium Priority
?
1,974 Views
Last Modified: 2014-02-28
I'm trying to get my Cisco 2811 to function as an L2TP Remote Access VPN server for Windows Clients using the built-in Networking (not Cisco VPN Client) with RADIUS authentication using a connection to my Windows domain controller  (running NAP).

Some guides suggest a configuration using dynamic crypto map and an isakmp client policy.

Other guides suggest using vpdn with a virtual-template interface.

I can get neither to work.

Does anyone have a *WORKING* configuration including Router config and Windows client configuration?
0
Comment
Question by:snowdog_2112
  • 2
3 Comments
 
LVL 22

Accepted Solution

by:
Jody Lemoine earned 2000 total points
ID: 39864259
Try this:

aaa new-model
!
aaa authentication ppp default group radius
aaa authorization network default if-authenticated
!
vpdn enable
!
vpdn-group vpdn-group-l2tp
 ! Default L2TP VPDN group
 accept-dialin
  protocol l2tp
  virtual-template 1
 no l2tp tunnel authentication
!
crypto isakmp policy 10
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key key address 0.0.0.0 0.0.0.0 no-xauth
!
!
crypto ipsec transform-set crypto-ts-3dessha1 esp-3des esp-sha-hmac
 mode transport
!
crypto dynamic-map crypto-dm-l2tp 10
 set nat demux
 set transform-set crypto-ts-3dessha1
 match address acl-l2tp
!
crypto map crypto-map-outside 10 ipsec-isakmp dynamic crypto-dm-l2tp
!
interface LAN interface
 Ip proxy-arp
!
interface WAN interface
 crypto map crypto-map-outside
!
interface Virtual-Template1
 ip unnumbered LAN interface
 peer default ip address pool default
 ppp mtu adaptive
 ppp authentication ms-chap-v2 ms-chap chap
!
ip local pool default x.x.x.x x.x.x.x
!
ip access-list extended acl-l2tp
 permit udp any eq 1701 any
!
radius-server host x.x.x.x auth-port 1812 acct-port 1813 key key
0
 
LVL 22

Expert Comment

by:Jody Lemoine
ID: 39864265
Windows client configuration is default, except that the crypto isakmp key used above needs to be manually configured in the client's dial-up profile.
0
 

Author Closing Comment

by:snowdog_2112
ID: 39895354
In the Window VPN client configuration, Security tab:

Type: L2TP/IPsec
Advanced Settings: <key used in "crypto isakmp key">

Allow these protocols:
CHAP, MS-CHAP-V2 (I have "user Windows logon" checked as well).
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

OpenVPN is a great open source VPN server that is capable of providing quick and easy VPN access to your network on the cheap.  By default the software is configured to allow open access to your network.  But what if you want to restrict users to on…
Shadow IT is coming out of the shadows as more businesses are choosing cloud-based applications. It is now a multi-cloud world for most organizations. Simultaneously, most businesses have yet to consolidate with one cloud provider or define an offic…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

581 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question