Configuring L2Tp Over Ipsec Connections - Cisco PIX 500 Series Configuration Manual

Chapter 28
Configuring L2TP over IPSec

Configuring L2TP over IPSec Connections

To configure the security appliance to accept L2TP over IPSec connections, follow these steps:

Note   The security appliance does not establish an L2TP/IPSec tunnel with Windows 2000 if either the Cisco VPN Client Version 3.x or the Cisco VPN 3000 Client Version 2.5 is installed. Disable the Cisco VPN Service for the Cisco VPN Client Version 3.x, or the ANetIKE Service for the Cisco VPN 3000 Client Version 2.5, from the Services panel in Windows 2000 (click Start > Programs > Administrative Tools > Services). Then restart the IPSec Policy Agent Service from the Services panel, and reboot the machine.

Step 1   Specify IPSec to use transport mode rather than tunnel mode with the mode keyword of the crypto ipsec transform-set command:

    hostname(config)# crypto ipsec transform-set trans_name mode transport

Step 2   (Optional) Specify the local address pool used to allocate the IP address to the client using the address-pool command in tunnel-group general-attributes mode:

    hostname(config)# tunnel-group name general-attributes
    hostname(config-tunnel-general)# address-pool pool_name

Step 3   (Optional) Instruct the security appliance to send DNS server IP addresses to the client with the dns value command from group policy configuration mode:

    hostname(config)# group-policy group_policy_name attributes
    hostname(config-group-policy)# dns value [none | IP_primary [ IP_secondary ]]

Step 4   (Optional) Instruct the security appliance to send WINS server IP addresses to the client using the wins-server command from group policy configuration mode:

    hostname(config-group-policy)# wins-server value [none | IP_primary [ IP_secondary ]]

Step 5   (Optional) Generate AAA accounting start and stop records for an L2TP session using the accounting-server-group command from tunnel group general-attributes mode:

    hostname(config)# tunnel-group name general-attributes
    hostname(config-tunnel-general)# accounting-server-group aaa_server_group

Step 6   Configure L2TP over IPSec as a valid VPN tunneling protocol for a group or user with the vpn-tunnel-protocol l2tp-ipsec command.

For a group, enter group-policy attributes mode:

    hostname(config)# group-policy group_policy_name attributes
    hostname(config-group-policy)# vpn-tunnel-protocol l2tp-ipsec

For a user, enter username attributes mode:

    hostname(config)# username user_name attributes
    hostname(config-username)# vpn-tunnel-protocol l2tp-ipsec
Step 7   Create a tunnel group with the tunnel-group command, and link the name of the group policy to the tunnel group with the default-group-policy command from tunnel group general-attributes mode:

    hostname(config)# tunnel-group name type ipsec-ra
    hostname(config)# tunnel-group name general-attributes
    hostname(config-tunnel-general)# default-group-policy group_policy_name
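The seven steps above assembled into one complete remote-access configuration, as an added example rather than a configuration taken from this guide. Every name and address in it (the l2tp-pool pool, the l2tp-trans transform set, the l2tp-policy group policy, the aaa-radius server group, the 10.0.0.0/8 server addresses, the user jdoe and all keys) is constructed for illustration. The ISAKMP policy, dynamic crypto map, pre-shared key and PPP authentication lines are not covered on this page and are assumed here because a client cannot complete the connection without them; DefaultRAGroup is used instead of a newly created tunnel group because a Windows L2TP/IPSec client sends no group name, so the default remote-access group (which already exists and needs no type line) is the one that receives the connection.

```text
! Added example configuration (not from the Cisco guide); all names, addresses and keys are constructed.
!
! Address pool handed to L2TP clients (Step 2 refers to this pool by name).
ip local pool l2tp-pool 192.168.100.10-192.168.100.50 mask 255.255.255.0
!
! AAA server group used for the accounting records of Step 5 (assumed RADIUS server on the inside).
aaa-server aaa-radius protocol radius
aaa-server aaa-radius (inside) host 10.0.0.5 ExampleRadiusKey
!
! Step 1: ESP transform set forced to transport mode, because L2TP (not IPSec) provides the tunnel
! encapsulation. Leaving the set in its default tunnel mode is the most common reason a client fails phase 2.
crypto ipsec transform-set l2tp-trans esp-3des esp-sha-hmac
crypto ipsec transform-set l2tp-trans mode transport
!
! Assumed (not on this page): IKE phase 1 policy and a dynamic crypto map for remote-access peers whose
! addresses are unknown in advance. 3DES/SHA/group 2 matches the default Windows L2TP/IPSec proposal.
isakmp enable outside
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
crypto dynamic-map dyn-map 10 set transform-set l2tp-trans
crypto map outside-map 20 ipsec-isakmp dynamic dyn-map
crypto map outside-map interface outside
!
! Steps 3, 4 and 6 (group form): DNS and WINS servers pushed to the client, and l2tp-ipsec
! permitted as the only tunneling protocol for this group policy.
group-policy l2tp-policy internal
group-policy l2tp-policy attributes
 dns-server value 10.0.0.53 10.0.0.54
 wins-server value 10.0.0.60
 vpn-tunnel-protocol l2tp-ipsec
!
! Step 6 (user form): a locally defined user restricted to l2tp-ipsec. The mschap keyword stores the
! password in the form MS-CHAP authentication needs (assumed; required only for local PPP authentication).
username jdoe password ExamplePassword123 mschap
username jdoe attributes
 vpn-tunnel-protocol l2tp-ipsec
!
! Steps 2, 5 and 7 on the default remote-access tunnel group: address pool, accounting group,
! and the group policy linked with default-group-policy.
tunnel-group DefaultRAGroup general-attributes
 address-pool l2tp-pool
 accounting-server-group aaa-radius
 default-group-policy l2tp-policy
!
! Assumed (not on this page): the IKE pre-shared key matching the one configured on the client,
! and the PPP authentication method for the L2TP session.
tunnel-group DefaultRAGroup ipsec-attributes
 pre-shared-key ExamplePreSharedKey
tunnel-group DefaultRAGroup ppp-attributes
 authentication ms-chap-v2
```

After a client connects, show crypto ipsec sa should list the SA with transport mode in its settings and show vpn-sessiondb remote should show the session with an address from l2tp-pool; an SA that comes up in tunnel mode, or no SA at all while IKE phase 1 completes, points back to the Step 1 transform set.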
Cisco Security Appliance Command Line Configuration Guide, OL-12172-03, page 28-3 (Configuring L2TP over IPSec Connections)