Practical Exercise 14-9: Layer 2 Tunneling Protocol over IPSec

Practical Exercise 14-9 Solution

The following is a step-by-step discussion of the Practical Exercise solution.

Task 1 Solution

Step 1. At the R3 console, provide all the configuration required to configure the router as the LAC:

Create a local account:



R3(config)#username LAC password

Enable VPDN:



R3(config)#vpdn enable
R3(config)#vpdn search-order domain
R3(config)#vpdn-group 1
R3(config-vpdn)#request dialin l2tp ip 20.1.1.2 domain cisco.com
R3(config-vpdn)#local name LAC

Create a local IP pool:



R3(config)#ip local pool my_pool 10.31.1.100 10.31.1.110

Define an access list that specifies L2TP traffic as interesting:



R3(config)#access-list 101 permit udp host 20.1.1.1 eq 1701 host 20.1.1.2 eq 1701

Configure an async line:



R3(config)#interface Async1
R3(config-if)#ip unnumbered Ethernet0
R3(config-if)#encapsulation ppp
R3(config-if)#async mode dedicated
R3(config-if)#peer default ip address pool my_pool
R3(config-if)#ppp authentication chap
R3(config-if)#exit
R3(config)#line 1
R3(config-line)#autoselect during-login
R3(config-line)#autoselect ppp
R3(config-line)#modem InOut
R3(config-line)#speed 38400
R3(config-line)#flowcontrol hardware

Create an IKE policy:



R3(config)#crypto isakmp policy 1
R3(config-isakmp)#authentication pre-share
R3(config-isakmp)#group 2
R3(config-isakmp)#lifetime 3600

Define the IKE peer and key:



R3(config)#crypto isakmp key cisco address 20.1.1.2

Create an IPSec transform set:



R3(config)#crypto ipsec transform-set testtrans esp-des

Create a crypto map:



R3(config)#crypto map l2tpmap 10 ipsec-isakmp
R3(config-crypto-m)#set peer 20.1.1.2
R3(config-crypto-m)#set transform-set testtrans
R3(config-crypto-m)#match address 101

Assign the crypto map to an interface:



R3(config)#interface Serial0
R3(config-if)#crypto map l2tpmap

Task 2 Solution

Step 1. At the R1 console, provide all the configuration required to configure the router as the LNS:

Create a local account:



R1(config)#username LNS password cisco

Enable VPDN:



R1(config)#vpdn enable

Create a local IP pool:



R1(config)#ip local pool mypool 200.1.1.1 200.1.1.10

Define an access list that specifies L2TP traffic as interesting:



R1(config)#access-list 101 permit udp host 20.1.1.2 eq 1701 host 20.1.1.1 eq 1701

Create a VPDN group to accept tunnel requests:



R1(config)#vpdn-group 1
R1(config-vpdn)#accept dialin l2tp virtual-template 1 remote LAC
R1(config-vpdn)#local name LNS

Configure a virtual template for cloning:



R1(config)#interface Virtual-Template1
R1(config-if)#ip unnumbered Ethernet0
R1(config-if)#peer default ip address pool mypool
R1(config-if)#ppp authentication chap

Create an IKE policy:



R1(config)#crypto isakmp policy 1
R1(config-isakmp)#authentication pre-share
R1(config-isakmp)#group 2
R1(config-isakmp)#lifetime 3600

Define the IKE peer and key:



R1(config)#crypto isakmp key cisco address 20.1.1.1

Create an IPSec transform set:



R1(config)#crypto ipsec transform-set testtrans esp-des

Create a crypto map:



R1(config)#crypto map l2tpmap 10 ipsec-isakmp
R1(config-crypto-m)#set peer 20.1.1.1
R1(config-crypto-m)#set transform-set testtrans
R1(config-crypto-m)#match address 101

Assign the crypto map to an interface:



R1(config)#interface Serial0
R1(config-if)#crypto map l2tpmap
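
Both routers in this solution use the same IKE and IPSec parameters: a policy with DH group 2 and no encryption line, and a transform set containing only esp-des. The following is an added example, not part of the original exercise, that audits such a configuration for those settings. It assumes the commands are supplied in running-configuration layout (sub-mode commands indented by one space), and the function name `audit` and the sample text are constructed for illustration.

```python
import re

# Constructed sample: the R3 (LAC) crypto commands from the solution above,
# laid out as they would appear in a running configuration.
SAMPLE = """\
crypto isakmp policy 1
 authentication pre-share
 group 2
 lifetime 3600
crypto isakmp key cisco address 20.1.1.2
crypto ipsec transform-set testtrans esp-des
crypto map l2tpmap 10 ipsec-isakmp
 set peer 20.1.1.2
 set transform-set testtrans
 match address 101
"""

WEAK_CIPHERS = {"esp-des", "esp-null"}   # 56-bit DES, or no encryption at all
WEAK_DH_GROUPS = {"1", "2", "5"}         # MODP groups of 1536 bits or less


def audit(config):
    """Return sorted (line_number, finding) pairs for weak IKE/IPsec settings."""
    findings = []
    policy = None  # [line_number, has_encryption] of the IKE policy being read
    # The empty sentinel line closes a policy block that ends the input.
    for no, raw in enumerate(config.splitlines() + [""], 1):
        line = raw.strip()
        if policy and not raw.startswith(" "):
            if not policy[1]:
                findings.append((policy[0], "IKE policy sets no encryption; platform default applies"))
            policy = None
        if re.match(r"crypto isakmp policy \d+$", line):
            policy = [no, False]
        elif policy and line.startswith("encryption "):
            policy[1] = True
        elif policy and (m := re.match(r"group (\d+)$", line)):
            if m.group(1) in WEAK_DH_GROUPS:
                findings.append((no, f"DH group {m.group(1)} is 1536 bits or less"))
        elif m := re.match(r"crypto ipsec transform-set (\S+) (.+)$", line):
            name, transforms = m.group(1), m.group(2).split()
            findings += [(no, f"{name} uses {t}") for t in transforms if t in WEAK_CIPHERS]
            if not any(t.endswith("-hmac") or t.startswith("ah-") or "gcm" in t for t in transforms):
                findings.append((no, f"{name} has no integrity transform"))
    return sorted(findings)


if __name__ == "__main__":
    for no, finding in audit(SAMPLE):
        print(f"line {no}: {finding}")
```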
