RE: OT: L2TP Dialer help

From: Tyson Scott <tscott_at_ipexpert.com>
Date: Thu, 20 May 2010 12:27:14 -0400

I think you are asking for just L2TP so here is a configuration example.

http://www.cisco.com/en/US/docs/ios/12_0t/12_0t1/feature/guide/l2tpT.html

Regards,
 
Tyson Scott - CCIE #13513 R&S, Security, and SP
Technical Instructor - IPexpert, Inc.

-----Original Message-----
From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of William McCall
Sent: Thursday, May 20, 2010 10:42 AM
To: Asif Gul Khan
Cc: Ahmed Ejaz; Cisco certification
Subject: Re: OT: L2TP Dialer help

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080093f6f.shtml

Ignore the crypto stuff and it's basically what you're looking for.

--WM

On Thu, May 20, 2010 at 6:29 AM, Asif Gul Khan <nockhi_at_gmail.com> wrote:
> Dear EjaZ!
>
> I am talking about an L2TP tunnel specifically here. Your configuration seems
> to be a simple IPsec VPN only.
>
>
> Regards
>
>
>
> On Thu, May 20, 2010 at 4:19 PM, Ahmed Ejaz <aahmedejaz_at_gmail.com> wrote:
>
>> Hi,
>>
>> Here is the config for one of our old 837 routers, through which we used to
>> VPN to our main site (PIX firewall).
>>
>> HTH
>>
>>
>> version 12.3
>> no service pad
>> service timestamps debug datetime msec
>> service timestamps log datetime msec
>> service password-encryption
>> !
>> hostname ADSL-837
>> !
>> boot-start-marker
>> boot-end-marker
>> !
>> no logging on
>> enable secret 5 xxxxxxxxxx
>> !
>> no aaa new-model
>> ip subnet-zero
>> !
>> !
>> !
>> !
>> ip domain retry 5
>> ip domain timeout 10
>> ip name-server 213.42.20.20
>> ip name-server 195.229.241.222
>> ip ips po max-events 100
>> no ftp-server write-enable
>> !
>> !
>> !
>> !
>> !
>> crypto isakmp policy 1
>>  encr 3des
>>  hash md5
>>  authentication pre-share
>>  group 2
>> crypto isakmp key xxxxxxxxx address 0.0.0.0 0.0.0.0 no-xauth
>> crypto isakmp key xxxxxxxxx hostname ditpix.dita.ae no-xauth
>> crypto isakmp keepalive 10 10
>> crypto isakmp nat keepalive 10
>> !
>> crypto ipsec security-association lifetime kilobytes 500000000
>> crypto ipsec security-association lifetime seconds 86400
>> !
>> crypto ipsec transform-set setA esp-3des esp-md5-hmac
>> !
>> crypto map mapA 10 ipsec-isakmp
>>  set peer 213.132.48.162
>>  set transform-set setA
>>  match address 165
>> !
>> !
>> !
>> interface Ethernet0
>>  ip address 10.10.23.254 255.255.255.0
>>  ip access-group 180 in
>>  ip nat inside
>>  ip virtual-reassembly
>>  hold-queue 100 out
>> !
>> interface ATM0
>>  no ip address
>>  no atm ilmi-keepalive
>>  dsl operating-mode auto
>>  pvc 0/50
>>   encapsulation aal5mux ppp dialer
>>   dialer pool-member 5
>>  !
>> !
>> interface FastEthernet1
>>  no ip address
>>  duplex auto
>>  speed auto
>> !
>> interface FastEthernet2
>>  no ip address
>>  duplex auto
>>  speed auto
>> !
>> interface FastEthernet3
>>  no ip address
>>  duplex auto
>>  speed auto
>> !
>> interface FastEthernet4
>>  no ip address
>>  duplex auto
>>  speed auto
>> !
>> interface Dialer0
>>  ip address negotiated
>>  ip nat outside
>>  ip virtual-reassembly
>>  encapsulation ppp
>>  dialer pool 5
>>  dialer remote-name etisalat
>>  dialer idle-timeout 0
>>  dialer persistent
>>  dialer-group 1
>>  ppp pap sent-username xxxxxxxx password 7 xxxxxxxxx
>>  crypto map mapA
>> !
>> ip classless
>> ip route 0.0.0.0 0.0.0.0 Dialer0
>> !
>> ip http server
>> no ip http secure-server
>> !
>> ip nat inside source list 120 interface Dialer0 overload
>> !
>> access-list 120 deny ip 10.10.23.0 0.0.0.255 172.16.253.0 0.0.0.255
>> access-list 120 deny ip 10.10.23.0 0.0.0.255 172.17.253.0 0.0.0.255
>> access-list 120 deny ip 10.10.23.0 0.0.0.255 10.100.1.0 0.0.0.255
>> access-list 120 permit ip 10.10.23.0 0.0.0.255 any
>> access-list 165 permit ip 10.10.23.0 0.0.0.255 172.17.253.0 0.0.0.255
>> access-list 165 permit ip 10.10.23.0 0.0.0.255 172.16.253.0 0.0.0.255
>> access-list 165 permit ip 10.10.23.0 0.0.0.255 10.100.1.0 0.0.0.255
>> access-list 180 permit ip 10.10.23.0 0.0.0.255 172.16.253.0 0.0.0.255
>> access-list 180 permit ip 10.10.23.0 0.0.0.255 172.17.253.0 0.0.0.255
>> access-list 180 permit ip 10.10.23.0 0.0.0.255 10.100.1.0 0.0.0.255
>> access-list 180 permit tcp 10.10.23.0 0.0.0.255 any eq www
>> access-list 180 permit tcp 10.10.23.0 0.0.0.255 any eq 8080
>> access-list 180 permit udp 10.10.23.0 0.0.0.255 any eq domain
>> access-list 180 permit tcp 10.10.23.0 0.0.0.255 any eq 443
>> access-list 180 permit tcp 10.10.23.0 0.0.0.255 any eq 1863
>> access-list 180 permit tcp 10.10.23.0 0.0.0.255 any eq 5050
>> access-list 180 permit tcp 10.10.23.0 0.0.0.255 any eq ftp
>> access-list 180 permit tcp 10.10.23.0 0.0.0.255 any eq telnet
>> access-list 180 permit udp 10.10.23.0 0.0.0.255 any eq isakmp
>> access-list 180 permit udp 10.10.23.0 0.0.0.255 any eq non500-isakmp
>> dialer-list 1 protocol ip permit
>> !
>> !
>> control-plane
>> !
>> !
>> line con 0
>>  no modem enable
>>  transport preferred all
>>  transport output all
>> line aux 0
>>  transport preferred all
>>  transport output all
>> line vty 0 4
>>  password 7 01435F1C521B5656
>>  login
>>  transport preferred all
>>  transport input all
>>  transport output all
>> !
>> scheduler max-task-time 5000
>> end
>>
>> On Thu, May 20, 2010 at 3:50 PM, Asif Gul Khan <nockhi_at_gmail.com> wrote:
>>
>>> Dear friends
>>>
>>> My requirement is to dial an L2TP VPN from a Cisco router (preferably low-end,
>>> like 837, 28xx). Can someone suggest how I can achieve it?
>>>
>>> Some link or template will be appreciated.
>>>
>>>
>>> --
>>> Regards,
>>>
>>> Asif Khan
>>>
>>>
>>> Blogs and organic groups at http://www.ccie.net
>>>
>>> _______________________________________________________________________
>>> Subscription information may be found at:
>>> http://www.groupstudy.com/list/CCIELab.html
>>>
>>
>
>
> --
> Regards,
>
> Asif Khan
>
>

-- 
William McCall, CCIE #25044
Received on Thu May 20 2010 - 12:27:14 ART
