Cisco Router to VyperVPN Remote Access Setup

[greenemk]

Hello all,

I am trying to setup a connection from my Cisco 1800 ISR to a VyperVPN remote access connection. I currently have a remote access connection (L2TP Dialer) to StrongVPN, but I want to change my service over to VyperVPN. Everything I have searched on the web is for configuration of home-routers running DD-WRT or Tomato...

Has anyone had any success setting this up? If so, I need some help!


MG

CCNA, CCNP, Sec+

 

[burtsbees]

Config setting are config settings, no matter what you use...they may have different terms to describe each (Like MicroCrap might say "VPN Password", and Cisco calls it "Group", or something like that).

What part are you having trouble with?

--TIMMAY!

ip access-list extended IP-Options-and-Powerball
deny ip any any winning-powerball-ticket
permit ip any any option any-options
!
class-map ACL-Options-and-Powerball
match access-group name IP-Options-and-Powerball
!
policy-map CoPP-POLICY
class ACL-Options-and-Powerball
drop
!
control-plane
service-policy input CoPP-POLICY

 

[greenemk]

I'm using the current config with StrongVPN with no issues and everything work great. The tunnel is established based on certain types of traffic matching ACL's. All I did was change the setting over to my VyperVPN service info. The tunnel connects when traffic is matched, but drops after a couple of seconds. I am able to pass traffic through the tunnel successfully for those couple of seconds and then it drops. The only way to bring it back up is to reboot the router and then once again, its once up for a few secs.

My Config

vpdn enable
!
vpdn-group L2TP
request-dialin
protocol l2tp
pool-member 1
initiate-to ip 209.99.36.18
no l2tp tunnel authentication

**************************************************
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
!
crypto isakmp policy 15
encr aes 256
authentication pre-share
group 5
lifetime 3600
!
crypto isakmp policy 20
encr 3des
hash md5
authentication pre-share
group 5
lifetime 3600
!
crypto isakmp policy 25
encr 3des
hash md5
authentication pre-share
group 2

***************************************************

crypto isakmp key 6 XXXXXXXX address 209.99.63.18

***************************************************

crypto map VYPERVPN 10 ipsec-isakmp
set peer 209.99.63.18
set transform-set ESP-AES256-SHA
match address L2TP2VYPERVPN

*****************************************************

crypto ipsec transform-set ESP-AES256-SHA esp-aes 256 esp-sha-hmac
mode transport

****************************************************

interface FastEthernet1
description ISP DSL
crypto map VYPERVPN

**********************************************

interface Dialer1
description VPN (VYPERVPN)
ip address negotiated
ip mtu 1400
ip flow ingress
ip nat outside
ip virtual-reassembly in
encapsulation ppp
ip tcp adjust-mss 1360
ip policy route-map clear-df-bit
load-interval 30
dialer pool 1
dialer idle-timeout 0
dialer string 123
dialer vpdn
dialer-group 1
ppp acfc local request
ppp acfc remote apply
ppp authentication ms-chap-v2 callin
ppp chap hostname XXXXXXXX
ppp chap password XXXXXXXX
no cdp enable

**********************************

ip access-list extended L2TP2VYPERVPN
permit udp host 192.168.2.10 host 209.99.20.18 eq 1701
permit udp host 192.168.2.10 host 209.99.63.18 eq 1701

*************************

route-map clear-df-bit permit 10
match ip address clear-df-bit
set ip df 0

I've debugged the connection and it looks no different than when I use my StrongVPN service. Only thing I notice is the failed attempts from VPDN when the service tries to connect after the initial successful setup. There is are no errors when the tunnel disconnects.




MG


CCNA, CCNP, Sec+