Hello,
I am trying to configure an L2TP/IPsec VPN between a Cisco 877 and a Win XP SP2 client without using the Cisco client. I can't figure out where I'm going wrong or what I'm forgetting, since Win XP keeps responding with Error 678...
The IOS I am using is: c870-advipservicesk9-mz.124-6.T8
My configuration is as follows:
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime localtime year
service timestamps log datetime localtime year
service password-encryption
service sequence-numbers
!
hostname gw
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 debugging
logging console critical
enable secret 5 $1$Oygg$Qxo9GKT3uuZ3fPhqsOKLn.
!
aaa new-model
!
!
aaa authentication ppp default local
aaa authorization network default if-authenticated
!
aaa session-id common
!
resource policy
!
clock timezone met 1
clock summer-time MET+1 recurring last Sun Mar 2:00 last Sun Oct 3:00
no ip source-route
ip cef
!
!
!
!
ip tcp synwait-time 10
no ip bootp server
ip ssh authentication-retries 2
vpdn enable
!
vpdn-group L2TP
! Default L2TP VPDN group
accept-dialin
protocol l2tp
virtual-template 1
no l2tp tunnel authentication
!
!
!
!
username enrico privilege 15 password 7 02031C4B07095C324F175F
!
!
!
crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp key cisco123 address 0.0.0.0 0.0.0.0
!
!
crypto ipsec transform-set TRANS_ESP_3DES_MD5 esp-3des esp-md5-hmac
mode transport
!
crypto dynamic-map DYN_MAP 10
set nat demux
set transform-set TRANS_ESP_3DES_MD5
!
!
crypto map CRYP_MAP 10 ipsec-isakmp dynamic DYN_MAP
!
!
!
!
!
!
interface Loopback0
description GATEWAY
ip address INDIRIZZO_IP_PUBBLICO 255.255.255.255
crypto map CRYP_MAP
!
!
interface Loopback3
ip address 192.168.4.254 255.255.255.0
!
interface ATM0
mtu 1500
no ip address
no ip redirects
no ip proxy-arp
ip route-cache flow
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.1 point-to-point
ip address xx.xx.xx.xx 255.255.255.0
no ip redirects
no ip proxy-arp
ip nat outside
ip virtual-reassembly
no snmp trap link-status
pvc 8/35
encapsulation aal5snap
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Virtual-Template1
ip unnumbered Loopback3
peer default ip address pool CLIENT_VPN_POOL
ppp encrypt mppe auto
ppp authentication ms-chap-v2
!
interface Vlan1
ip address 10.0.0.254 255.255.255.0
no ip redirects
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip route-cache flow
ip tcp adjust-mss 1452
hold-queue 100 out
!
ip local pool CLIENT_VPN_POOL 192.168.4.1 192.168.4.10
ip route 0.0.0.0 0.0.0.0 ATM0.1
!
!
no ip http server
no ip http secure-server
ip nat inside source list 101 interface Loopback0 overload
!
!
no cdp run
!
!
!
!
control-plane
!
!
line con 0
no modem enable
line aux 0
line vty 0 4
access-class 23 in
exec-timeout 0 0
transport preferred ssh
transport input ssh
transport output ssh
!
scheduler max-task-time 5000
scheduler interval 500
!
no inservice
!
end
Is what I'm doing feasible, or is it a pure pipe dream ...
Thanks