Thursday, July 27, 2023

L2TPv3 over IPSEC Cisco

R1
R1#show run
Building configuration...

Current configuration : 2153 bytes
!
version 12.4
service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
logging buffered 512000
!
no aaa new-model
memory-size iomem 5
clock timezone JST 9
no ip icmp rate-limit unreachable
ip cef
!
!
!
!
no ip domain lookup
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
archive
 log config
  hidekeys
!
!
crypto isakmp policy 1
 encr 3des
 hash md5
 authentication pre-share
 group 2
crypto isakmp key cisco address 10.0.0.2
crypto isakmp keepalive 30 periodic
!
!
crypto ipsec transform-set IPSEC esp-3des esp-md5-hmac
!
crypto map L2TPv3-IPSEC_to_vpn2 1 ipsec-isakmp
 set peer 10.0.0.2
 set transform-set IPSEC
 match address 100
!
!
!
ip tcp synwait-time 5
pseudowire-class L2TPv3
 encapsulation l2tpv3
 ip local interface FastEthernet0/0
!
!
!
!
!
interface FastEthernet0/0
 ip address 10.0.0.1 255.255.255.252
 duplex auto
 speed auto
 crypto map L2TPv3-IPSEC_to_vpn2
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet1/0
 no ip address
 duplex auto
 speed auto
 xconnect 10.0.0.2 1 pw-class L2TPv3
!
interface FastEthernet2/0
!
interface FastEthernet2/1
!
interface FastEthernet2/2
!
interface FastEthernet2/3
!
interface FastEthernet2/4
!
interface FastEthernet2/5
!
interface FastEthernet2/6
!
interface FastEthernet2/7
!
interface FastEthernet2/8
!
interface FastEthernet2/9
!
interface FastEthernet2/10
!
interface FastEthernet2/11
!
interface FastEthernet2/12
!
interface FastEthernet2/13
!
interface FastEthernet2/14
!
interface FastEthernet2/15
!
interface Vlan1
 no ip address
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0
!
!
no ip http server
no ip http secure-server
!
access-list 1 permit any
access-list 100 permit 115 host 10.0.0.1 host 10.0.0.2
no cdp log mismatch duplex
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
!
end


R2
R2#show run
Building configuration...

Current configuration : 2152 bytes
!
version 12.4
service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime
no service password-encryption
!
hostname R2
!
boot-start-marker
boot-end-marker
!
logging buffered 512000
!
no aaa new-model
memory-size iomem 5
clock timezone JST 9
no ip icmp rate-limit unreachable
ip cef
!
!
!
!
no ip domain lookup
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
archive
 log config
  hidekeys
!
!
crypto isakmp policy 1
 encr 3des
 hash md5
 authentication pre-share
 group 2
crypto isakmp key cisco address 10.0.0.1
crypto isakmp keepalive 30 periodic
!
!
crypto ipsec transform-set IPSEC esp-3des esp-md5-hmac
!
crypto map L2TPv3-IPSEC_to_vpn1 10 ipsec-isakmp
 set peer 10.0.0.1
 set transform-set IPSEC
 match address 100
!
!
!
ip tcp synwait-time 5
pseudowire-class L2TPv3
 encapsulation l2tpv3
 ip local interface FastEthernet0/0
!
!
!
!
!
interface FastEthernet0/0
 ip address 10.0.0.2 255.255.255.252
 duplex auto
 speed auto
 crypto map L2TPv3-IPSEC_to_vpn1
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet1/0
 no ip address
 duplex auto
 speed auto
 xconnect 10.0.0.1 1 pw-class L2TPv3
!
interface FastEthernet2/0
!
interface FastEthernet2/1
!
interface FastEthernet2/2
!
interface FastEthernet2/3
!
interface FastEthernet2/4
!
interface FastEthernet2/5
!
interface FastEthernet2/6
!
interface FastEthernet2/7
!
interface FastEthernet2/8
!
interface FastEthernet2/9
!
interface FastEthernet2/10
!
interface FastEthernet2/11
!
interface FastEthernet2/12
!
interface FastEthernet2/13
!
interface FastEthernet2/14
!
interface FastEthernet2/15
!
interface Vlan1
 no ip address
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0
!
!
no ip http server
no ip http secure-server
!
access-list 1 permit any
access-list 100 permit 115 host 10.0.0.2 host 10.0.0.1
no cdp log mismatch duplex
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
!
end
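
The two listings only bring up the protected pseudowire if their IKE policy and transform set agree and the crypto ACL (IP protocol 115, L2TPv3) on one router mirrors the other. The Python below is an added example, not part of the original post: it checks that on the crypto lines excerpted from R1 and R2 and lists settings that match an assumed weak-crypto policy (WEAK, WEAK_TRANSFORMS and MIN_PSK_LEN are this example's own choices).

```python
import re

# Crypto-related lines excerpted by hand from the R1 listing above.
R1 = """crypto isakmp policy 1
 encr 3des
 hash md5
 group 2
crypto isakmp key cisco address 10.0.0.2
crypto ipsec transform-set IPSEC esp-3des esp-md5-hmac
access-list 100 permit 115 host 10.0.0.1 host 10.0.0.2
"""
# In these excerpted lines R2 differs from R1 only by the two addresses being swapped.
R2 = R1.replace("10.0.0.1", "@").replace("10.0.0.2", "10.0.0.1").replace("@", "10.0.0.2")
# Assumed audit policy (this example's choice): legacy ciphers, hashes, DH groups, short keys.
WEAK = {"encr": {"des", "3des"}, "hash": {"md5"}, "group": {"1", "2", "5"}}
WEAK_TRANSFORMS = {"esp-des", "esp-3des", "esp-md5-hmac", "ah-md5-hmac"}
MIN_PSK_LEN = 20

def parse(cfg):
    """Collect IKE policy values, transforms, PSK entries and crypto ACL tuples."""
    out, section = {"ike": {}, "transforms": [], "psk": [], "acl": []}, ""
    for line in filter(str.strip, cfg.splitlines()):
        w = line.split()
        if line.startswith(" "):  # sub-command of the current section
            if section.startswith("crypto isakmp policy") and w[0] in WEAK:
                out["ike"][w[0]] = w[1]
            continue
        section = line
        if w[:3] == ["crypto", "ipsec", "transform-set"]:
            out["transforms"] += w[4:]
        elif w[:3] == ["crypto", "isakmp", "key"]:
            out["psk"].append((w[3], w[5]))  # (key, peer address)
        elif m := re.match(r"access-list \d+ permit (\S+) host (\S+) host (\S+)", line):
            out["acl"].append(m.groups())  # (protocol, source, destination)
    return out

def weak_findings(cfg):
    """List the settings in one config that fall under the assumed weak-crypto policy."""
    p = parse(cfg)
    found = [f"ike {k} {v}" for k, v in p["ike"].items() if v in WEAK[k]]
    found += [f"transform {t}" for t in p["transforms"] if t in WEAK_TRANSFORMS]
    found += [f"short psk for {peer}" for key, peer in p["psk"] if len(key) < MIN_PSK_LEN]
    return found

def peers_consistent(a, b):
    """IKE policy and transforms must match; crypto ACLs must be mirror images."""
    pa, pb = parse(a), parse(b)
    mirrored = sorted((proto, dst, src) for proto, src, dst in pb["acl"])
    return (pa["ike"], pa["transforms"], sorted(pa["acl"])) == (pb["ike"], pb["transforms"], mirrored)
```

weak_findings(R1) reports the 3DES, MD5 and DH group 2 settings, both transforms and the short pre-shared key; peers_consistent(R1, R2) confirms that the two ends agree.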
