L2TP Configuration Examples
b Adopt AAA authentication.
[Router1] aaa-enable
[Router1] aaa authentication-scheme ppp default local
[Router1] aaa accounting-scheme optional
c Create an access control list that specifies the L2TP data to be encrypted.
[Router1] acl 101
[Router1-acl-101] rule permit udp source 202.38.161.1 0.0.0.0 destination 202.38.161.2 0.0.0.0 destination-port equal 1701
d Create a transform view, use DES encryption and adopt a transport mode.
[Router1] ipsec proposal l2tptrans
[Router1-ipsec-proposal-l2tptrans] transform esp-new
[Router1-ipsec-proposal-l2tptrans] esp-new encryption-algorithm des
[Router1-ipsec-proposal-l2tptrans] esp-new auth sha1-hmac-96
[Router1-ipsec-proposal-l2tptrans] encapsulation-mode transport
e Create a crypto policy, use IKE negotiation mode and configure IKE
pre-shared-key.
[Router1] ipsec policy l2tpmap 10 isakmp
[Router1-ipsec-policy-l2tpmap-10] ike pre-shared-key l2tp_ipsec remote 202.38.160.2
[Router1-ipsec-policy-l2tpmap-10] match address 101
[Router1-ipsec-policy-l2tpmap-10] set peer 202.38.160.2
[Router1-ipsec-policy-l2tpmap-10] set transform l2tptrans
f Configure an IP address on the Serial 0 interface and apply an IPSec policy.
[Router1] interface serial 0
[Router1-Serial0] ip address 202.38.160.1 255.255.255.0
[Router1-Serial0] ipsec policy l2tpmap
g Configure an L2TP group and its related attributes.
[Router1] l2tp enable
[Router1] l2tp-group 1
[Router1-l2tp1] tunnel name lac-end
[Router1-l2tp1] start l2tp ip 202.38.160.2 fullusername vpdnuser
[Router1-l2tp1] undo tunnel authentication
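Added example, not part of the original manual: a small offline check for a configuration written in the syntax of steps c to g. It verifies that every ACL, proposal and policy name that is referenced has been defined, and reports DES and disabled L2TP tunnel authentication. The sample input is constructed, with prompts stripped and one policy name misspelled on purpose; the function name and finding strings are hypothetical.

```python
import re

# Constructed sample in the CLI syntax used above (prompts stripped); the
# policy name on the interface line is deliberately misspelled.
SAMPLE = """\
acl 101
ipsec proposal l2tptrans
esp-new encryption-algorithm des
encapsulation-mode transport
ipsec policy l2tpmap 10 isakmp
match address 101
set transform l2tptrans
interface serial 0
ipsec policy l2tpmpa
l2tp-group 1
undo tunnel authentication
"""

def audit(config):
    """Return a sorted list of findings for a prompt-stripped config."""
    acls, proposals, policies = set(), set(), set()
    uses = []  # (kind, name) references, resolved after the full pass
    findings = []
    for line in config.splitlines():
        line = line.strip()
        if m := re.fullmatch(r"acl (\d+)", line):
            acls.add(m[1])
        elif m := re.fullmatch(r"ipsec proposal (\S+)", line):
            proposals.add(m[1])
        elif m := re.fullmatch(r"ipsec policy (\S+) \d+ isakmp", line):
            policies.add(m[1])
        elif m := re.fullmatch(r"ipsec policy (\S+)", line):
            uses.append(("policy", m[1]))   # policy applied on an interface
        elif m := re.fullmatch(r"match address (\d+)", line):
            uses.append(("acl", m[1]))
        elif m := re.fullmatch(r"set transform (\S+)", line):
            uses.append(("proposal", m[1]))
        elif line == "esp-new encryption-algorithm des":
            findings.append("weak-cipher: DES (56-bit key)")
        elif line == "undo tunnel authentication":
            findings.append("l2tp: tunnel authentication disabled")
    defined = {"acl": acls, "proposal": proposals, "policy": policies}
    for kind, name in uses:
        if name not in defined[kind]:
            findings.append(f"undefined {kind}: {name}")
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```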
3 Configuration at Router2 (LNS side)
a Enable AAA authentication.
[Router2] aaa-enable
[Router2] aaa authentication-scheme ppp default local
b Configure the username and password, which must be the same as those
configured at the LAC side.
[Router2] local-user vpdnuser password simple Hello
c Configure an address pool 1 in the range of 192.168.0.2 to 192.168.0.100.
[Router2] ip pool 1 192.168.0.2 192.168.0.100
d Configure an access control list and specify L2TP data.
[Router2] acl 101
[Router2-acl-101] rule permit udp source 192.168.0.0 0.0.0.255 destination 202.38.161.1 0.0.0.0
e Create the transform view, use DES encryption and adopt the transport mode.
[Router2] ipsec proposal l2tptrans