Configuring L2TP over IPsec on Cisco IOS

We need to set up an L2TP/IPsec server on Cisco IOS so that remote employees can connect. The configuration below uses a wildcard pre-shared key together with 3DES, SHA-1 and DH group 2; those cipher parameters are dated, so the IKE policy and the transform set are the first lines to tighten (AES, SHA-256, DH group 14 or stronger, within what your clients can negotiate) before the server goes into production.

! AAA: PPP users are authenticated and authorized against the local database
aaa new-model

aaa authentication login default local
aaa authorization network default local

! Accept incoming L2TP tunnels and bind sessions to Virtual-Template1
vpdn enable

vpdn-group L2TP
accept-dialin
protocol l2tp
virtual-template 1
lcp renegotiation on-mismatch
! L2TP tunnel-level authentication is off: stock OS clients send no tunnel
! secret, and the tunnel is already protected by IPsec
no l2tp tunnel authentication
ip pmtu
ip mtu adjust

! Test account. 'password' stores a reversible (type 0/7) string;
! 'secret' would store a hash instead
username testuser privilege 0 password testpass

! IKE phase 1: 3DES, pre-shared key, DH group 2; 'hash' is not set, so it
! stays at the IOS default of SHA-1
crypto isakmp policy 10
encr 3des
authentication pre-share
group 2
lifetime 3600
! Wildcard PSK: any peer address may use this key, which roaming clients
! require. 'no-xauth' stops the router from prompting these peers for Xauth
crypto isakmp key SECRET_KEY address 0.0.0.0 no-xauth
crypto isakmp keepalive 3600

! IKE phase 2: transport mode, as L2TP/IPsec requires
crypto ipsec transform-set L2TP_SET esp-3des esp-sha-hmac
mode transport

! Dynamic crypto map because peers are not known in advance; 'set nat demux'
! lets several clients behind one NAT device share the same source address
crypto dynamic-map L2TP_MAP 10
set nat demux
set transform-set L2TP_SET

crypto map L2TP_CRYPTO_MAP 10 ipsec-isakmp dynamic L2TP_MAP

! Loopback1 lends its address to the Virtual-Template (ip unnumbered)
interface Loopback1
ip address 172.31.1.1 255.255.255.0

! WAN: the crypto map is applied here, where client traffic arrives
interface GigabitEthernet0/0
description -= WAN =-
ip address XXX.XXX.XXX.2 255.255.255.252
ip nat outside
crypto map L2TP_CRYPTO_MAP

interface GigabitEthernet0/1
description -= LAN =-
ip address 192.168.0.1 255.255.255.0
ip nat inside

! PPP side of each L2TP session: address from L2TP_POOL, MS-CHAPv2 login,
! DNS server pushed to the client
interface Virtual-Template1
ip unnumbered Loopback1
ip nat inside
peer ip address forced
peer default ip address pool L2TP_POOL
ppp encrypt mppe 40
ppp authentication ms-chap-v2
ppp ipcp dns 192.168.0.1

ip local pool L2TP_POOL 172.31.1.10 172.31.1.250

! Both the LAN and the VPN pool are NATed to the WAN, so a full-tunnel
! client reaches the Internet through the router
ip nat inside source list INET_ACL interface GigabitEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 XXX.XXX.XXX.1

ip access-list extended INET_ACL
permit ip 192.168.0.0 0.0.0.255 any
permit ip 172.31.1.0 0.0.0.255 any
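As an added check (this script is not part of the original post), the following Python audit reads a config dump in the form shown above and flags the lines a reviewer would want changed before the server goes into production: the 3DES, group 2 and default SHA-1 IKE settings, the 3DES/SHA-1 transform set, the wildcard PSK, the reversibly stored user password, and the PPP-level settings that are only acceptable because IPsec protects them. The rule ids, the suggested replacement commands and the sample dump are this example's own; the sample is constructed from the post's configuration lines.

```python
"""Audit a Cisco IOS L2TP/IPsec config dump for dated crypto settings.

Added example, not part of the original post or Cisco tooling. Input is a
dump with one command per line, as in the post; rule ids and suggested
replacement commands are this example's own choices.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: the post's VPDN, user, crypto and PPP lines, verbatim.
SAMPLE_CONFIG = """\
aaa new-model
vpdn enable
vpdn-group L2TP
accept-dialin
protocol l2tp
virtual-template 1
no l2tp tunnel authentication
username testuser privilege 0 password testpass
crypto isakmp policy 10
encr 3des
authentication pre-share
group 2
lifetime 3600
crypto isakmp key SECRET_KEY address 0.0.0.0 no-xauth
crypto ipsec transform-set L2TP_SET esp-3des esp-sha-hmac
mode transport
interface Virtual-Template1
ppp encrypt mppe 40
ppp authentication ms-chap-v2
"""


@dataclass
class Finding:
    line_no: int   # 1-based line number in the dump
    rule: str      # short rule id (this example's own naming)
    severity: str  # high / medium / info
    fix: str       # replacement command, or why the line is acceptable


# Line-level rules: (pattern, rule id, severity, suggested fix).
# Patterns are anchored to whole commands as they appear in a dump.
LINE_RULES = [
    (r"^encr(?:yption)?\s+(?:3des|des)\b", "ike-weak-cipher", "high",
     "encr aes 256"),
    (r"^group\s+(?:1|2|5)\b", "ike-weak-dh-group", "high",
     "group 14 (2048-bit MODP) or stronger, if the clients support it"),
    (r"^crypto isakmp key \S+ address 0\.0\.0\.0\b", "ike-wildcard-psk", "medium",
     "a wildcard PSK is unavoidable for roaming L2TP/IPsec clients without "
     "certificates: use a long random key and rotate it, or move to certificates"),
    (r"^crypto ipsec transform-set \S+ .*\besp-(?:3des|des)\b", "ipsec-weak-cipher", "high",
     "esp-aes 256"),
    (r"^crypto ipsec transform-set \S+ .*\besp-(?:sha|md5)-hmac\b", "ipsec-weak-integrity", "medium",
     "esp-sha256-hmac"),
    (r"^username \S+ (?:privilege \d+ )?password\b", "user-reversible-password", "high",
     "username <name> ... secret <password> (stored hashed instead of type 0/7)"),
    (r"^ppp encrypt mppe\b", "ppp-mppe-redundant", "info",
     "MPPE adds nothing inside IPsec and stock L2TP/IPsec clients do not negotiate it"),
    (r"^ppp authentication ms-chap(?:-v2)?\b", "ppp-mschap", "info",
     "MS-CHAPv2 is acceptable only because the IPsec tunnel protects it; "
     "its challenge/response is crackable offline if captured"),
    (r"^no l2tp tunnel authentication$", "l2tp-no-tunnel-auth", "info",
     "acceptable: the tunnel is inside IPsec and stock clients send no tunnel secret"),
]
LINE_RULES = [(re.compile(p), *rest) for p, *rest in LINE_RULES]

# Sub-commands of a 'crypto isakmp policy' block; any other command means the
# block has ended (dumps like the post's carry no indentation to rely on).
POLICY_SUBCOMMANDS = ("encr", "encryption", "hash", "authentication", "group", "lifetime")


def audit(config: str) -> list[Finding]:
    findings: list[Finding] = []
    policy_start: int | None = None   # line number of the open policy block
    policy_has_hash = False

    def close_policy() -> None:
        # IOS defaults 'hash' to SHA-1 when the policy does not set it.
        if policy_start is not None and not policy_has_hash:
            findings.append(Finding(policy_start, "ike-default-sha1", "medium",
                                    "add 'hash sha256' to the policy"))

    for no, raw in enumerate(config.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if line.startswith("crypto isakmp policy"):
            close_policy()
            policy_start, policy_has_hash = no, False
        elif policy_start is not None:
            if line.split()[0] in POLICY_SUBCOMMANDS:
                policy_has_hash = policy_has_hash or line.startswith("hash ")
            else:
                close_policy()
                policy_start = None
        for pattern, rule, severity, fix in LINE_RULES:
            if pattern.search(line):
                findings.append(Finding(no, rule, severity, fix))
    close_policy()
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_CONFIG):
        print(f"line {f.line_no:>2} [{f.severity:6}] {f.rule}: {f.fix}")
```

The policy check is stateful on purpose: the post's dump never mentions `hash`, so a purely line-by-line grep would miss that phase 1 is running on the SHA-1 default. Everything else is a per-line match, so the rule table can be extended with the same shape as new findings come up.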

28.09.2017 · XDriver · No comments
Category: Cisco