Configuring a Remote-Access L2TP/IPsec VPN on a Cisco IOS Router
This post walks through configuring a remote-access L2TP/IPsec VPN on a Cisco IOS router. L2TP/IPsec is one of several VPN technologies, alongside PPTP, IKEV and SSL VPN. L2TP has no encryption of its own, so it needs to be secured with IPsec. L2TP/IPsec can also be configured on Linux using the strongSwan software package, and on Windows Server using the RRAS feature.
Configuration summary (show run):
Building configuration...
Current configuration : 2192 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname EDGE
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
ip cef
!
!
!
!
no ip domain lookup
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
vpdn enable
!
vpdn-group l2tp-group
! Default L2TP VPDN group
accept-dialin
protocol l2tp
virtual-template 1
no l2tp tunnel authentication
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
username cisco privilege 15 password 0 cisco
!
!
ip tcp synwait-time 5
!
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
lifetime 3600
crypto isakmp key cisco123 address 0.0.0.0 0.0.0.0
!
!
crypto ipsec transform-set l2tp-ipsec-transpor-esp esp-3des esp-sha-hmac
mode transport
!
crypto dynamic-map my-dynamic-map 1
set nat demux
set transform-set l2tp-ipsec-transpor-esp
!
!
crypto map my-static-map 1 ipsec-isakmp dynamic my-dynamic-map
!
!
!
!
interface Loopback0
ip address 192.168.168.254 255.255.255.255
!
interface FastEthernet0/0
ip address 1.1.1.1 255.255.255.0
duplex auto
speed auto
crypto map my-static-map
!
interface Serial0/0
no ip address
shutdown
clock rate 2000000
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/1
no ip address
shutdown
clock rate 2000000
!
interface FastEthernet1/0
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet2/0
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet3/0
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet4/0
no ip address
shutdown
duplex auto
speed auto
!
interface Virtual-Template1
ip unnumbered Loopback0
peer default ip address pool l2tp-pool
ppp authentication ms-chap-v2
!
ip local pool l2tp-pool 192.168.168.5 192.168.168.10
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
no cdp log mismatch duplex
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
line vty 0 4
login
!
!
end
For this tutorial I followed the page below, and it worked:
http://jazier.blogspot.com/2015/08/cisco-remote-access-l2tpipsec-psk-vpn.html
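The running configuration above contains several settings a configuration review would flag: 3DES, Diffie-Hellman group 2, a wildcard pre-shared key, cleartext passwords and disabled line timeouts. The Python script below is an added example, not part of the original post or the referenced tutorial; the rule names and the `audit` function are hypothetical, and the sample input is an excerpt of the configuration shown on this page.

```python
import re

# Rules: (id, regex applied to each stripped config line, finding text).
RULES = [
    ("cleartext-config", r"^no service password-encryption$",
     "type 0 passwords and keys are stored readable in the config"),
    ("cleartext-user", r"^username \S+ .*\bpassword 0 ",
     "local account uses a cleartext 'password 0' instead of 'secret'"),
    ("ike-legacy-cipher", r"^encr(yption)? (des|3des)$",
     "ISAKMP policy negotiates DES/3DES"),
    ("ike-small-dh", r"^group (1|2|5)$",
     "ISAKMP policy uses a Diffie-Hellman group of 1536 bits or less"),
    ("wildcard-psk", r"^crypto isakmp key \S+ address 0\.0\.0\.0\b",
     "one pre-shared key is accepted from any peer address"),
    ("esp-legacy-cipher", r"^crypto ipsec transform-set \S+ .*\besp-(des|3des)\b",
     "IPsec transform set encrypts with DES/3DES"),
    ("no-exec-timeout", r"^exec-timeout 0 0$",
     "management line never times out an idle session"),
]

def audit(config_text):
    """Return (line_number, rule_id, finding) for every matching line."""
    findings = []
    for number, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()
        for rule_id, pattern, text in RULES:
            if re.search(pattern, line):
                findings.append((number, rule_id, text))
    return findings

# Excerpt of the running configuration shown above on this page.
SAMPLE = """\
no service password-encryption
username cisco privilege 15 password 0 cisco
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
lifetime 3600
crypto isakmp key cisco123 address 0.0.0.0 0.0.0.0
crypto ipsec transform-set l2tp-ipsec-transpor-esp esp-3des esp-sha-hmac
mode transport
set transform-set l2tp-ipsec-transpor-esp
line con 0
exec-timeout 0 0
"""

if __name__ == "__main__":
    for number, rule_id, text in audit(SAMPLE):
        print(f"line {number}: [{rule_id}] {text}")
```

To check a full device, pass the saved output of `show run` to `audit()` instead of `SAMPLE`.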