Cisco ASA 5545-X Adaptive Security Appliance - No Payload Encryption Technical Manual

Cisco 5515 Series ASA that runs software version 9.4(1)
L2TP/IPsec client (Windows 8)
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started
with a cleared (default) configuration. If your network is live, ensure that you understand the potential impact of any command.
Related Products
This configuration can also be used with Cisco ASA 5500 series Security Appliance 8.3(1) or later.
Conventions
Refer to Cisco Technical Tips Conventions for more information on document conventions.
Background Information
Layer 2 Tunneling Protocol (L2TP) is a VPN tunneling protocol that allows remote clients to use the public IP network to securely communicate
with private corporate network servers. L2TP uses PPP over UDP (port 1701) to tunnel the data. L2TP itself provides no confidentiality or
integrity; in L2TP/IPsec the IPsec security association (ESP in transport mode) protects the UDP 1701 packets, so the IPsec tunnel must be
established before the L2TP session and PPP authentication begin.
The L2TP protocol is based on the client/server model. The function is divided between the L2TP Network Server (LNS) and the L2TP Access
Concentrator (LAC). The LNS typically runs on a network gateway, such as the ASA in this case, while the LAC can be a dial-up Network
Access Server (NAS) or an endpoint device with a bundled L2TP client such as Microsoft Windows, Apple iPhone, or Android.
Configure
This section presents the information needed to configure the features described in this document.
Note: Use the Command Lookup Tool (registered customers only) to find more information on the commands used in this document.
Note: The IP addressing schemes used in this configuration are not legally routable on the Internet. They are RFC 1918 addresses that have
been used in a lab environment.
Network Diagram
 
Full Tunnel Configuration
ASA Configuration Using Adaptive Security Device Manager (ASDM)
Complete these steps:
Step 1. Log in to the ASDM, and navigate to Wizards > VPN Wizards > IPsec (IKEv1) Remote Access VPN Wizard.
 
Step 2. A Remote Access VPN setup window appears. From the drop-down list, choose the interface on which the VPN tunnel has to be terminated.
In this example the outside interface is connected to the WAN, so VPN tunnels are terminated on this interface. Keep the box "Enable inbound IPsec
sessions to bypass interface access lists. Group policy and per-user authorization access lists still apply to the traffic" checked so that a new
access list does not need to be configured on the outside interface to allow the clients to access internal resources. Click Next.
Note: This checkbox corresponds to the sysopt connection permit-vpn command. With it enabled, decrypted VPN traffic is not evaluated against the
outside interface ACL at all, so the only controls left on what a connected client can reach are the group-policy vpn-filter and any per-user
authorization ACLs. If those are not configured, every authenticated client has unrestricted access to the inside networks.
 
Step 3. As shown in this image, choose the client type Microsoft Windows client using L2TP over IPsec, and choose MS-CHAP-V1 and MS-CHAP-V2
as the PPP authentication protocols, since PAP is not secure and other authentication types are not supported with the LOCAL database as the
authentication server. Click Next.
Note: The PPP authentication exchange runs inside the IPsec tunnel, so it is not exposed on the wire, but MS-CHAP-V1 is weaker than MS-CHAP-V2.
If no legacy client requires it, leave only MS-CHAP-V2 enabled; Windows 8 supports it.
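The CLI equivalent of what the wizard produces in steps 1 to 3, shown here as an added example rather than configuration taken from this document, with the access-list bypass from step 2 in its weak form (no vpn-filter) beside a corrected form that restricts what clients may reach. The IKE policy and transform-set parameters, the pool and object names, the 192.168.100.0/24 pool, the 10.10.10.0/24 server addresses and the username are assumptions chosen for illustration; match the crypto parameters to what your client proposes.

```cisco
! --- Added example (not from the original document). Names and addresses are assumptions.
! Phase 1 (IKEv1): assumed parameters that a Windows 8 L2TP/IPsec client accepts
crypto ikev1 enable outside
crypto ikev1 policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 2
 lifetime 86400

! Phase 2: L2TP/IPsec needs transport mode, because IPsec protects the UDP 1701 packets
! rather than encapsulating whole IP packets
crypto ipsec ikev1 transform-set TRANS_ESP_AES_SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set TRANS_ESP_AES_SHA mode transport
crypto dynamic-map outside_dyn_map 10 set ikev1 transform-set TRANS_ESP_AES_SHA
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside

! Addresses handed to PPP clients (RFC 1918, lab-only; assumed range)
ip local pool L2TP-POOL 192.168.100.10-192.168.100.50 mask 255.255.255.0

! WEAK: the wizard checkbox from step 2 makes decrypted VPN traffic skip the outside ACL,
! and with no vpn-filter on the group policy every client can reach every inside host.
sysopt connection permit-vpn
group-policy L2TP-POLICY internal
group-policy L2TP-POLICY attributes
 vpn-tunnel-protocol l2tp-ipsec

! CORRECTED: keep the bypass but bind a vpn-filter to the group policy.
! vpn-filter ACEs are written with the VPN client as the source and the inside resource
! as the destination; the ASA applies them to the return traffic as well.
access-list L2TP-CLIENTS-IN extended permit tcp 192.168.100.0 255.255.255.0 host 10.10.10.20 eq 443
access-list L2TP-CLIENTS-IN extended permit udp 192.168.100.0 255.255.255.0 host 10.10.10.5 eq 53
access-list L2TP-CLIENTS-IN extended deny ip any any log
group-policy L2TP-POLICY attributes
 vpn-filter value L2TP-CLIENTS-IN

! Windows L2TP clients land in DefaultRAGroup; PPP authentication limited as in step 3
tunnel-group DefaultRAGroup general-attributes
 address-pool L2TP-POOL
 default-group-policy L2TP-POLICY
tunnel-group DefaultRAGroup ipsec-attributes
 ikev1 pre-shared-key <pre-shared-key>
tunnel-group DefaultRAGroup ppp-attributes
 no authentication pap
 no authentication chap
 authentication ms-chap-v1
 authentication ms-chap-v2

! A LOCAL user must be stored in MS-CHAP-compatible form for MS-CHAP-V1/V2 to succeed
username vpnuser password <password> mschap
```

After a client connects, show vpn-sessiondb detail ra-ikev1-ipsec confirms the assigned pool address and the filter applied to the session, and show access-list L2TP-CLIENTS-IN shows hit counts on the permit and deny entries, which is the quickest way to verify that the vpn-filter, not the bypassed outside ACL, is what governs the client's reach.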