RE: OT: L2TP Dialer help

From: Tyson Scott <tscott_at_ipexpert.com>
Date: Thu, 20 May 2010 14:50:03 -0400

http://conft.com/en/US/docs/ios/dial/configuration/guide/dia_l2tp_lsdo_ps6350_TSD_Products_Configuration_Guide_Chapter.html#wp1027022

You are configuring the LNS so follow the configuration example on how to do
such.

Regards,
 
Tyson Scott - CCIE #13513 R&S, Security, and SP
Technical Instructor - IPexpert, Inc.
Mailto: tscott_at_ipexpert.com

-----Original Message-----
From: Asif Gul Khan [mailto:nockhi_at_gmail.com]
Sent: Thursday, May 20, 2010 2:22 PM
To: Tyson Scott
Cc: William McCall; Ahmed Ejaz; Cisco certification
Subject: Re: OT: L2TP Dialer help

Hello William/Tyson,

Thanks for your help. I've been looking at the LAC/LNS configs
available @ Cisco, but basically what I am looking for is that the
router should dial the server itself using L2TP, i.e. the system
connected to the LAN should not manually dial the VPN. Whenever the
router senses interesting traffic it should initiate a dialer and dial
the destination IP to create an L2TP tunnel.... I hope I'm able to make
you understand the scenario!

On 5/20/10, Tyson Scott <tscott_at_ipexpert.com> wrote:
> I think you are asking for just L2TP so here is a configuration example.
>
> http://www.cisco.com/en/US/docs/ios/12_0t/12_0t1/feature/guide/l2tpT.html
>
>
> Regards,
>
> Tyson Scott - CCIE #13513 R&S, Security, and SP
> Technical Instructor - IPexpert, Inc.
>
>
> -----Original Message-----
> From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of
> William McCall
> Sent: Thursday, May 20, 2010 10:42 AM
> To: Asif Gul Khan
> Cc: Ahmed Ejaz; Cisco certification
> Subject: Re: OT: L2TP Dialer help
>
>
> http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080093f6f.shtml
>
> Ignore the crypto stuff and it's basically what you're looking for.
>
> --WM
>
> On Thu, May 20, 2010 at 6:29 AM, Asif Gul Khan <nockhi_at_gmail.com> wrote:
>> Dear EjaZ!
>>
>> I am talking about L2TP tunnel specifically here. Your configuration seems
>> to be simple IPSec VPN only.
>>
>>
>> Regards
>>
>>
>>
>> On Thu, May 20, 2010 at 4:19 PM, Ahmed Ejaz <aahmedejaz_at_gmail.com> wrote:
>>
>>> Hi,
>>>
>>> Here is the config for one of our old 837 routers through which we used to
>>> VPN to our main site (PIX firewall).
>>>
>>> HTH
>>>
>>>
>>> version 12.3
>>> no service pad
>>> service timestamps debug datetime msec
>>> service timestamps log datetime msec
>>> service password-encryption
>>> !
>>> hostname ADSL-837
>>> !
>>> boot-start-marker
>>> boot-end-marker
>>> !
>>> no logging on
>>> enable secret 5 xxxxxxxxxx
>>> !
>>> no aaa new-model
>>> ip subnet-zero
>>> !
>>> !
>>> !
>>> !
>>> ip domain retry 5
>>> ip domain timeout 10
>>> ip name-server 213.42.20.20
>>> ip name-server 195.229.241.222
>>> ip ips po max-events 100
>>> no ftp-server write-enable
>>> !
>>> !
>>> !
>>> !
>>> !
>>> crypto isakmp policy 1
>>> encr 3des
>>> hash md5
>>> authentication pre-share
>>> group 2
>>> crypto isakmp key xxxxxxxxx address 0.0.0.0 0.0.0.0 no-xauth
>>> crypto isakmp key xxxxxxxxx hostname ditpix.dita.ae no-xauth
>>> crypto isakmp keepalive 10 10
>>> crypto isakmp nat keepalive 10
>>> !
>>> crypto ipsec security-association lifetime kilobytes 500000000
>>> crypto ipsec security-association lifetime seconds 86400
>>> !
>>> crypto ipsec transform-set setA esp-3des esp-md5-hmac
>>> !
>>> crypto map mapA 10 ipsec-isakmp
>>> set peer 213.132.48.162
>>> set transform-set setA
>>> match address 165
>>> !
>>> !
>>> !
>>> interface Ethernet0
>>> ip address 10.10.23.254 255.255.255.0
>>> ip access-group 180 in
>>> ip nat inside
>>> ip virtual-reassembly
>>> hold-queue 100 out
>>> !
>>> interface ATM0
>>> no ip address
>>> no atm ilmi-keepalive
>>> dsl operating-mode auto
>>> pvc 0/50
>>> encapsulation aal5mux ppp dialer
>>> dialer pool-member 5
>>> !
>>> !
>>> interface FastEthernet1
>>> no ip address
>>> duplex auto
>>> speed auto
>>> !
>>> interface FastEthernet2
>>> no ip address
>>> duplex auto
>>> speed auto
>>> !
>>> interface FastEthernet3
>>> no ip address
>>> duplex auto
>>> speed auto
>>> !
>>> interface FastEthernet4
>>> no ip address
>>> duplex auto
>>> speed auto
>>> !
>>> interface Dialer0
>>> ip address negotiated
>>> ip nat outside
>>> ip virtual-reassembly
>>> encapsulation ppp
>>> dialer pool 5
>>> dialer remote-name etisalat
>>> dialer idle-timeout 0
>>> dialer persistent
>>> dialer-group 1
>>> ppp pap sent-username xxxxxxxx password 7 xxxxxxxxx
>>> crypto map mapA
>>> !
>>> ip classless
>>> ip route 0.0.0.0 0.0.0.0 Dialer0
>>> !
>>> ip http server
>>> no ip http secure-server
>>> !
>>> ip nat inside source list 120 interface Dialer0 overload
>>> !
>>> access-list 120 deny ip 10.10.23.0 0.0.0.255 172.16.253.0 0.0.0.255
>>> access-list 120 deny ip 10.10.23.0 0.0.0.255 172.17.253.0 0.0.0.255
>>> access-list 120 deny ip 10.10.23.0 0.0.0.255 10.100.1.0 0.0.0.255
>>> access-list 120 permit ip 10.10.23.0 0.0.0.255 any
>>> access-list 165 permit ip 10.10.23.0 0.0.0.255 172.17.253.0 0.0.0.255
>>> access-list 165 permit ip 10.10.23.0 0.0.0.255 172.16.253.0 0.0.0.255
>>> access-list 165 permit ip 10.10.23.0 0.0.0.255 10.100.1.0 0.0.0.255
>>> access-list 180 permit ip 10.10.23.0 0.0.0.255 172.16.253.0 0.0.0.255
>>> access-list 180 permit ip 10.10.23.0 0.0.0.255 172.17.253.0 0.0.0.255
>>> access-list 180 permit ip 10.10.23.0 0.0.0.255 10.100.1.0 0.0.0.255
>>> access-list 180 permit tcp 10.10.23.0 0.0.0.255 any eq www
>>> access-list 180 permit tcp 10.10.23.0 0.0.0.255 any eq 8080
>>> access-list 180 permit udp 10.10.23.0 0.0.0.255 any eq domain
>>> access-list 180 permit tcp 10.10.23.0 0.0.0.255 any eq 443
>>> access-list 180 permit tcp 10.10.23.0 0.0.0.255 any eq 1863
>>> access-list 180 permit tcp 10.10.23.0 0.0.0.255 any eq 5050
>>> access-list 180 permit tcp 10.10.23.0 0.0.0.255 any eq ftp
>>> access-list 180 permit tcp 10.10.23.0 0.0.0.255 any eq telnet
>>> access-list 180 permit udp 10.10.23.0 0.0.0.255 any eq isakmp
>>> access-list 180 permit udp 10.10.23.0 0.0.0.255 any eq non500-isakmp
>>> dialer-list 1 protocol ip permit
>>> !
>>> !
>>> control-plane
>>> !
>>> !
>>> line con 0
>>> no modem enable
>>> transport preferred all
>>> transport output all
>>> line aux 0
>>> transport preferred all
>>> transport output all
>>> line vty 0 4
>>> password 7 01435F1C521B5656
>>> login
>>> transport preferred all
>>> transport input all
>>> transport output all
>>> !
>>> scheduler max-task-time 5000
>>> end
>>>
>>> On Thu, May 20, 2010 at 3:50 PM, Asif Gul Khan <nockhi_at_gmail.com> wrote:
>>>
>>>> Dear friends
>>>>
>>>> My requirement is to dial L2TP VPN from a Cisco router (preferably low end
>>>> like 837, 28xx). Can someone suggest how I can achieve it?
>>>>
>>>> Some link or template will be appreciated
>>>>
>>>>
>>>> --
>>>> Regards,
>>>>
>>>> Asif Khan
>>>>
>>>>
>>>> Blogs and organic groups at http://www.ccie.net
>>>>
>>>> _______________________________________________________________________
>>>> Subscription information may be found at:
>>>> http://www.groupstudy.com/list/CCIELab.html
>>>>
>>>
>>
>>
>> --
>> Regards,
>>
>> Asif Khan
>>
>
>
>
> --
> William McCall, CCIE #25044

-- 
Regards,
Asif Khan
Received on Thu May 20 2010 - 14:50:03 ART
