From: Daniel Prinsloo (daniel@xxxxxxxxxxxxxx)
Date: Mon Oct 08 2001 - 18:57:33 GMT-3
Brian,
I do not think this will work as the two devices (3640 and W2K) will not
be able to achieve an SA as the address for the SA will be hidden inside
the negotiation that is not picked up by the NAT statement. My
suggestion would be to give the W2K machine a legal address and make a
static route for it on the 2514.
Anybody else?
Brian wrote:
> I am trying to establish an l2tp session from a win2k box to
> a 3640. The win2k box is natted behind a 2514. Should this work?
> I wasn't seeing anything hit the 3640 with debug vpdn
> l2x-events/l2x-errors. On the 3640 I am doing like:
>
> username vpntest password vpntest
>
> vpdn enable
> vpdn-group vpngroup
> accept-dialin
> protocol l2tp
> virtual-template 1
> terminate-from hostname user
> local name andromeda
> l2tp tunnel password vpntest
>
> interface virtual-template 1
> ip unnumbered f2/0.161
> peer default ip address pool vpnpool
> ppp authentication chap
>
> ip local pool vpnpool 10.1.1.129 10.1.1.190
>
>
> on the win2k side, I am setting the username and password, setting it for
> l2tp, unencrypted (no ipsec), but I don't see in win2k where I set the
> actual tunnel password itself..........I assume that "terminate-from
> hostname user" will want the win2k box to have a windows hostname of
> "user". I thought maybe nat was messing with this since my debugs came up
> short.
>
> Brian
>
>
> -----------------------------------------------
> Brian Feeny, CCIE #8036 e: signal@shreve.net
> Network Engineer p: 318.222.2638x109
> ShreveNet Inc. f: 318.221.6612
--
Daniel Prinsloo
Prove IT
daniel@prove-it.co.uk
www.prove-it.co.uk
ICQ 42743324
Fax 0870 135 7712