Cisco IOS Router with L2TP remote-access, RAIDUS authentication and Windows clients

I'm trying to get my Cisco 2811 to function as an L2TP Remote Access VPN server for Windows Clients using the built-in Networking (not Cisco VPN Client) with RADIUS authentication using a connection to my Windows domain controller  (running NAP).

Some guides suggest a configuration using dynamic crypto map and an isakmp client policy.

Other guides suggest using vpdn with a virtual-template interface.

I can get neither to work.

Does anyone have a *WORKING* configuration including Router config and Windows client configuration?
Who is Participating?
Jody LemoineConnect With a Mentor Network ArchitectCommented:
Try this:

aaa new-model
aaa authentication ppp default group radius
aaa authorization network default if-authenticated
vpdn enable
vpdn-group vpdn-group-l2tp
 ! Default L2TP VPDN group
  protocol l2tp
  virtual-template 1
 no l2tp tunnel authentication
crypto isakmp policy 10
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key key address no-xauth
crypto ipsec transform-set crypto-ts-3dessha1 esp-3des esp-sha-hmac
 mode transport
crypto dynamic-map crypto-dm-l2tp 10
 set nat demux
 set transform-set crypto-ts-3dessha1
 match address acl-l2tp
crypto map crypto-map-outside 10 ipsec-isakmp dynamic crypto-dm-l2tp
interface LAN interface
 Ip proxy-arp
interface WAN interface
 crypto map crypto-map-outside
interface Virtual-Template1
 ip unnumbered LAN interface
 peer default ip address pool default
 ppp mtu adaptive
 ppp authentication ms-chap-v2 ms-chap chap
ip local pool default x.x.x.x x.x.x.x
ip access-list extended acl-l2tp
 permit udp any eq 1701 any
radius-server host x.x.x.x auth-port 1812 acct-port 1813 key key
Jody LemoineNetwork ArchitectCommented:
Windows client configuration is default, except that the crypto isakmp key used above needs to be manually configured in the client's dial-up profile.
snowdog_2112Author Commented:
In the Window VPN client configuration, Security tab:

Type: L2TP/IPsec
Advanced Settings: <key used in "crypto isakmp key">

Allow these protocols:
CHAP, MS-CHAP-V2 (I have "user Windows logon" checked as well).
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.