{思科CCNP-SEC}L2TP-ipsec VPN配置实例

发布时间： 2017-06-16 11:32:07

L2TP#show run
Building configuration...

Current configuration : 2296 bytes
!
upgrade fpd auto
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname L2TP
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
enable secret 5 $1$Z7pG$jIf.4V.QMaOj.Xwn3PHFZ1
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login login local
!
!
aaa session-id common
ip source-route
ip cef
!
no ip domain lookup
no ipv6 cef
!
multilink bundle-name authenticated
vpdn enable
!
vpdn-group l2tp-vpdn
! Default L2TP VPDN group
accept-dialin
  protocol l2tp
  virtual-template 1
no l2tp tunnel authentication
!
username cisco password 0 cisco
archive
log config
  hidekeys
!
crypto keyring l2tp-key
  pre-shared-key address 0.0.0.0 0.0.0.0 key l2tp-key
!
crypto isakmp policy 10
hash md5
authentication pre-share
group 2
crypto isakmp profile l2tp-pro
   keyring l2tp-key
   match identity address 0.0.0.0
!
!
crypto ipsec transform-set l2tp-set esp-3des esp-md5-hmac
mode transport
!
crypto dynamic-map l2tp-dymap 10
set transform-set l2tp-set
set isakmp-profile l2tp-pro
reverse-route
!
!
crypto map l2tp-map 10 ipsec-isakmp dynamic l2tp-dymap
!
!
!
!
!
!
!
interface Loopback0
ip address 24.0.1.254 255.255.255.0
ip router isis
!
interface FastEthernet0/0
no ip address
shutdown
duplex half
!
interface Serial1/0
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/1
ip address 220.0.1.2 255.255.255.252
ip router isis
serial restart-delay 0
crypto map l2tp-map
!
interface Serial1/2
ip address 192.168.1.1 255.255.255.252
ip router isis
serial restart-delay 0
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
!
interface Virtual-Template1
ip unnumbered Serial1/1
peer default ip address pool pool
ppp authentication chap ms-chap ms-chap-v2
!
router isis
net 49.0001.0000.0000.0005.00
!
ip local pool pool 24.0.1.1 24.0.1.200
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 220.0.1.1
no ip http server
no ip http secure-server
!
!
!
control-plane
!
gatekeeper
shutdown
!
!
line con 0
exec-timeout 0 0
logging synchronous
login authentication login
stopbits 1
line aux 0
stopbits 1
line vty 0 4
login authentication login
!
end

L2TP#show vpdn

L2TP Tunnel and Session Information Total tunnels 1 sessions 1

LocTunID   RemTunID   Remote Name   State  Remote Address  Sessn L2TP Class/
                                                           Count VPDN Group
23760      2          SKY-2011.mlp. est    10.0.200.3      1     l2tp-vpdn

LocID      RemID      TunID      Username, Intf/      State  Last Chg Uniq ID
                                 Vcid, Circuit
6          1          23760      cisco, Vi2.1         est    00:00:09 41

L2TP#show ip int bri
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            unassigned      YES unset  administratively down down
Serial1/0                  unassigned      YES unset  administratively down down
Serial1/1                  220.0.1.2       YES manual up                    up
Serial1/2                  192.168.1.1     YES manual up                    up
Serial1/3                  unassigned      YES unset  administratively down down
Loopback0                  24.0.1.254      YES manual up                    up
Virtual-Access1            unassigned      YES unset  down                  down
Virtual-Access2            unassigned      YES unset  up                    up
Virtual-Access2.1          220.0.1.2       YES TFTP   up                    up
Virtual-Template1          220.0.1.2       YES TFTP   down                  down