{"id":5477,"date":"2020-12-09T18:24:22","date_gmt":"2020-12-09T17:24:22","guid":{"rendered":"https:\/\/nil.uniza.sk\/?p=5477"},"modified":"2020-12-09T18:35:29","modified_gmt":"2020-12-09T17:35:29","slug":"configruration-l2tp-over-ipsec","status":"publish","type":"post","link":"https:\/\/nil.uniza.sk\/en\/configruration-l2tp-over-ipsec\/","title":{"rendered":"Configuration of L2TP over IPsec"},"content":{"rendered":"<p><\/p>\n\n\n\n<p>Configuration of an L2TP over IPsec tunnel connection with a Cisco router as the server and a MikroTik router as the client.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Configuration of Cisco server<\/h2>\n\n\n\n<pre class=\"wp-block-code\"><code>(config)#int loopback 0 \n(config-if)#ip address 192.168.1.1 255.255.255.255\n(config-if)#exit\n(config)#ip local pool l2tp-pool 192.168.1.5 192.168.1.10\n(config)#vpdn enable\n(config)#vpdn-group l2tp-group\n(config-vpdn)#accept-dialin\n(config-vpdn-acc-in)#protocol l2tp\n(config-vpdn-acc-in)#virtual-template 1\n(config-vpdn-acc-in)#exit\n(config-vpdn)#no l2tp tunnel authentication\n(config-vpdn)#exit\n(config)#interface virtual-template 1\n(config-if)#ip unnumbered loopback 0\n(config-if)#peer default ip address pool l2tp-pool\n(config-if)#ppp authentication ms-chap-v2\n(config-if)#exit\n(config)#crypto isakmp policy 1\n(config-isakmp)#encryption aes 256\n(config-isakmp)#hash sha512\n(config-isakmp)#authentication pre-share\n(config-isakmp)#group 2\n(config-isakmp)#lifetime 3600\n(config-isakmp)#exit\n(config)#crypto isakmp key PRESHARED_KEY address 0.0.0.0 ! 0.0.0.0 matches any peer; or use the peer address \n(config)#crypto ipsec transform-set l2tp-ipsec-transport-esp esp-aes 256 esp-sha512-hmac\n(cfg-crypto-trans)#mode transport\n(cfg-crypto-trans)#exit\n(config)#crypto dynamic-map my-dynamic-map 1\n(config-crypto-map)#set nat demux\n(config-crypto-map)#set transform-set l2tp-ipsec-transport-esp\n(config-crypto-map)#exit\n(config)#crypto map my-static-map 1 ipsec-isakmp dynamic my-dynamic-map\n(config)#interface fastEthernet 4 ! 
Your WAN interface\n(config-if)#crypto map my-static-map\n(config-if)#exit<\/code><\/pre>\n\n\n\n<p>Now we can connect to this router through an L2TP\/IPsec tunnel.<\/p>\n\n\n\n<p><\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Configuration of MikroTik client<\/h2>\n\n\n\n<p>Create an L2TP VPN client on MikroTik:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>\/interface l2tp-client\nadd allow=mschap2 connect-to=IP_OF_CISCO_L2TP_SERVER disabled=no \\\n    ipsec-secret=PRESHARED_KEY keepalive-timeout=disabled name=\\\n    l2tp-out1 password=PASSWORD use-ipsec=yes user=USERNAME<\/code><\/pre>\n\n\n\n<p>Then set up the IPsec configuration:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>\/ip ipsec proposal\nset &#091; find default=yes ] auth-algorithms=sha512 enc-algorithms=\\\n    aes-256-cbc lifetime=1h\n\/ip ipsec profile\nset &#091; find default=yes ] dh-group=modp1024 enc-algorithm=aes-256 \\\n    hash-algorithm=sha512<\/code><\/pre>\n\n\n\n<p>Verify L2TP tunnel connectivity between the server and the client:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>\/interface l2tp-client \nmonitor 0\n          status: connected\n          uptime: 1w2d23h17m29s\n        encoding: cbc(aes) + hmac(sha512)\n             mtu: 1450\n             mru: 1450\n   local-address: 192.168.1.5\n  remote-address: 192.168.1.1<\/code><\/pre>\n\n\n\n<p>The client is connected via the L2TP tunnel.<\/p>","protected":false},"excerpt":{"rendered":"<p>Configuration of L2TP over IPsec tunnel connection with Cisco router as a server and MikroTik router as a client. Configuration of Cisco server Now we are able to connect to this router with L2TP\/IPsec tunnel. 
Configuration of MikroTik client Create an L2TP VPN client on MikroTik Then set up IPsec config Verify l2tp tunnel connectivity&#8230;<\/p>","protected":false},"author":30,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_seopress_robots_primary_cat":"","_seopress_titles_title":"","_seopress_titles_desc":"","_seopress_robots_index":"","_kad_blocks_custom_css":"","_kad_blocks_head_custom_js":"","_kad_blocks_body_custom_js":"","_kad_blocks_footer_custom_js":"","_kad_post_transparent":"","_kad_post_title":"","_kad_post_layout":"","_kad_post_sidebar_id":"","_kad_post_content_style":"","_kad_post_vertical_padding":"","_kad_post_feature":"","_kad_post_feature_position":"","_kad_post_header":false,"_kad_post_footer":false,"footnotes":""},"categories":[747],"tags":[1011,1456,1455,957],"class_list":["post-5477","post","type-post","status-publish","format-standard","hentry","category-practical_-_cisco-en","tag-cisco","tag-ipsec","tag-l2tp","tag-mikrotik"],"taxonomy_info":{"category":[{"value":747,"label":"Practical - Cisco"}],"post_tag":[{"value":1011,"label":"cisco"},{"value":1456,"label":"ipsec"},{"value":1455,"label":"l2tp"},{"value":957,"label":"mikrotik"}]},"featured_image_src_large":false,"author_info":{"display_name":"J\u00e1n \u010c\u00e1ni","author_link":"https:\/\/nil.uniza.sk\/en\/author\/jan-cani\/"},"comment_info":5,"category_info":[{"term_id":747,"name":"Practical - Cisco","slug":"practical_-_cisco-en","term_group":0,"term_taxonomy_id":745,"taxonomy":"category","description":"","parent":0,"count":17,"filter":"raw","cat_ID":747,"category_count":17,"category_description":"","cat_name":"Practical - 
Cisco","category_nicename":"practical_-_cisco-en","category_parent":0}],"tag_info":[{"term_id":1011,"name":"cisco","slug":"cisco","term_group":0,"term_taxonomy_id":1009,"taxonomy":"post_tag","description":"","parent":0,"count":2,"filter":"raw"},{"term_id":1456,"name":"ipsec","slug":"ipsec","term_group":0,"term_taxonomy_id":1454,"taxonomy":"post_tag","description":"","parent":0,"count":1,"filter":"raw"},{"term_id":1455,"name":"l2tp","slug":"l2tp","term_group":0,"term_taxonomy_id":1453,"taxonomy":"post_tag","description":"","parent":0,"count":1,"filter":"raw"},{"term_id":957,"name":"mikrotik","slug":"mikrotik","term_group":0,"term_taxonomy_id":955,"taxonomy":"post_tag","description":"","parent":0,"count":2,"filter":"raw"}],"_links":{"self":[{"href":"https:\/\/nil.uniza.sk\/en\/wp-json\/wp\/v2\/posts\/5477","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nil.uniza.sk\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nil.uniza.sk\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nil.uniza.sk\/en\/wp-json\/wp\/v2\/users\/30"}],"replies":[{"embeddable":true,"href":"https:\/\/nil.uniza.sk\/en\/wp-json\/wp\/v2\/comments?post=5477"}],"version-history":[{"count":0,"href":"https:\/\/nil.uniza.sk\/en\/wp-json\/wp\/v2\/posts\/5477\/revisions"}],"wp:attachment":[{"href":"https:\/\/nil.uniza.sk\/en\/wp-json\/wp\/v2\/media?parent=5477"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nil.uniza.sk\/en\/wp-json\/wp\/v2\/categories?post=5477"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nil.uniza.sk\/en\/wp-json\/wp\/v2\/tags?post=5477"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}