How to configure L2TPv3 on Cisco devices

L2TP is one of the VPN technologies. VPN technologies use many cryptographic and encryption algorithms, so what is different about L2TP, PPTP and IPsec?
L2TP: it is a Layer 2 tunneling protocol based on PPP. The L2TP VPN framework has two types of server. One is the LAC (L2TP Access Concentrator), a device attached to the network that acts as a PPP peer system and handles L2TP processing; the LAC is a network dial-in device that provides dial-in services to users. The other is the LNS (L2TP Network Server), the L2TP network service device, which is the server side of the PPP peer system that handles the L2TP protocol.
Between the LNS and the LAC there are two types of connection: the first is the tunnel connection and the other is the session connection. L2TP uses AVPs (Attribute Value Pairs) in its control messages, to avoid message loss and to check tunnel keepalive. L2TP does not support a resend function, but it can use TCP features to keep the session reliable.
          

r1(config-if)#show run
Building configuration…

Current configuration : 5266 bytes
hostname r1

ip cef

pseudowire-class test
encapsulation l2tpv3
ip local interface Loopback0

interface Loopback0
ip address 10.1.0.1 255.255.255.0
!
interface Ethernet0/0
no ip address
xconnect 30.1.0.3 1 pw-class test
!
interface Serial0/0
no ip address
encapsulation frame-relay
no dce-terminal-timing-enable
no frame-relay inverse-arp
!
interface Serial0/0.12 point-to-point
ip address 12.1.1.1 255.255.255.0
frame-relay interface-dlci 102

router ospf 1
network 10.1.0.0 0.0.0.255 area 10
network 12.1.1.0 0.0.0.255 area 10
==============================================

hostname r2

interface Serial0/0
no ip address
encapsulation frame-relay
!
interface Serial0/0.21 point-to-point
ip address 12.1.1.2 255.255.255.0
frame-relay interface-dlci 201
!
interface Serial0/0.23 point-to-point
ip address 23.1.1.2 255.255.255.0
frame-relay interface-dlci 203

router ospf 1
network 12.1.1.0 0.0.0.255 area 10
network 23.1.1.0 0.0.0.255 area 10

================================================
hostname r3

ip cef

pseudowire-class test
encapsulation l2tpv3
ip local interface Loopback0

interface Loopback0
ip address 30.1.0.3 255.255.255.0
!
interface Ethernet0/0
no ip address
xconnect 10.1.0.1 1 pw-class test
!
interface Serial0/0
no ip address
encapsulation frame-relay
no dce-terminal-timing-enable
no frame-relay inverse-arp
!
interface Serial0/0.23 point-to-point
ip address 23.1.1.3 255.255.255.0
frame-relay interface-dlci 302

router ospf 1
network 30.1.0.0 0.0.0.255 area 10
network 23.1.1.0 0.0.0.255 area 10
============================================
hostname r4

interface FastEthernet0/0
ip address 45.1.1.4 255.255.255.0
============================================
hostname r5

interface FastEthernet0/0
ip address 45.1.1.5 255.255.255.0
=============================================
hostname sw1

! Fa0/1 connects to R1
interface FastEthernet0/1
switchport access vlan 14
!
interface FastEthernet0/2
!
! Fa0/3 connects to R3
interface FastEthernet0/3
switchport access vlan 35
!
! Fa0/4 connects to R4
interface FastEthernet0/4
switchport access vlan 14
!
! Fa0/5 connects to R5
interface FastEthernet0/5
switchport access vlan 35
=============================================
r1#ping 30.1.0.3

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 30.1.0.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/6/8 ms

r1#sh l2tun tunnel all

%No active L2F tunnels

L2TP Tunnel Information Total tunnels 1 sessions 1

Tunnel id 3331 is up, remote id is 60973, 1 active sessions
Tunnel state is established, time since change 00:21:18
Tunnel transport is IP (115)
Remote tunnel name is r3
Internet Address 30.1.0.3, port 0
Local tunnel name is r1
Internet Address 10.1.0.1, port 0
Tunnel domain unknown
VPDN group for tunnel is not available
L2TP class for tunnel is l2tp_default_class
668 packets sent, 50 received
47449 bytes sent, 10708 received
Last clearing of "show vpdn" counters never
Control Ns 29, Nr 25
Local RWS 800 (default), Remote RWS 800 (max)
Tunnel PMTU checking disabled
Retransmission time 1, max 1 seconds
Unsent queuesize 0, max 0
Resend queuesize 0, max 2
Total resends 0, ZLB ACKs sent 21
Current nosession queue check 0 of 5
Retransmit time distribution: 0 0 0 0 0 0 0 0 0
Sessions disconnected due to lack of resources 0

%No active PPTP tunnels
=============================================
r3(config-if)#do ping 10.1.0.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/7/8 ms
r3(config-if)#do sh l2tun tunnel all

%No active L2F tunnels

L2TP Tunnel Information Total tunnels 1 sessions 1

Tunnel id 60973 is up, remote id is 3331, 1 active sessions
Tunnel state is established, time since change 00:23:27
Tunnel transport is IP (115)
Remote tunnel name is r1
Internet Address 10.1.0.1, port 0
Local tunnel name is r3
Internet Address 30.1.0.3, port 0
Tunnel domain unknown
VPDN group for tunnel is not available
L2TP class for tunnel is l2tp_default_class
52 packets sent, 735 received
11506 bytes sent, 52164 received
Last clearing of "show vpdn" counters never
Control Ns 27, Nr 31
Local RWS 800 (default), Remote RWS 800 (max)
Tunnel PMTU checking disabled
Retransmission time 1, max 1 seconds
Unsent queuesize 0, max 0
Resend queuesize 0, max 1
Total resends 0, ZLB ACKs sent 29
Current nosession queue check 0 of 5
Retransmit time distribution: 0 0 0 0 0 0 0 0 0
Sessions disconnected due to lack of resources 0

%No active PPTP tunnels
=============================================
r4#ping 45.1.1.5

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 45.1.1.5, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/8/12 ms
=============================================
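The "sh l2tun tunnel all" output above can be checked mechanically from both ends. The script below is an added example, not part of the original post: it parses the r1 and r3 output and verifies that the tunnel IDs and endpoint addresses mirror each other and that both sides are established. It also reports tunnels still on l2tp_default_class, meaning no operator-defined l2tp-class (where control-channel settings such as authentication are configured) is attached. The function names, field names and trimmed sample strings are assumptions made for this example.

```python
import re

# Constructed sample input: lines trimmed from the r1 and r3
# "sh l2tun tunnel all" output shown on this page.
R1_OUTPUT = """Tunnel id 3331 is up, remote id is 60973, 1 active sessions
Tunnel state is established, time since change 00:21:18
Tunnel transport is IP (115)
Remote tunnel name is r3
Internet Address 30.1.0.3, port 0
Local tunnel name is r1
Internet Address 10.1.0.1, port 0
L2TP class for tunnel is l2tp_default_class
"""
R3_OUTPUT = """Tunnel id 60973 is up, remote id is 3331, 1 active sessions
Tunnel state is established, time since change 00:23:27
Tunnel transport is IP (115)
Remote tunnel name is r1
Internet Address 10.1.0.1, port 0
Local tunnel name is r3
Internet Address 30.1.0.3, port 0
L2TP class for tunnel is l2tp_default_class
"""

FIELDS = {  # hypothetical field name -> regex with one capture group
    "local_id": r"Tunnel id (\d+) is \w+",
    "remote_id": r"remote id is (\d+)",
    "state": r"Tunnel state is (\w+)",
    "remote_ip": r"Remote tunnel name is \S+\s+Internet Address ([\d.]+)",
    "local_ip": r"Local tunnel name is \S+\s+Internet Address ([\d.]+)",
    "l2tp_class": r"L2TP class for tunnel is (\S+)",
}

def parse_tunnel(text):
    """Extract the fields above from one router's output (None if absent)."""
    return {k: (m.group(1) if (m := re.search(p, text)) else None)
            for k, p in FIELDS.items()}

def audit_pair(a_text, b_text):
    """Compare both tunnel endpoints and return a list of findings."""
    a, b = parse_tunnel(a_text), parse_tunnel(b_text)
    findings = [f"{n}: missing {k}" for n, t in (("a", a), ("b", b))
                for k, v in t.items() if v is None]
    if (a["local_id"], a["remote_id"]) != (b["remote_id"], b["local_id"]):
        findings.append("tunnel ids are not mirrored between the peers")
    if (a["local_ip"], a["remote_ip"]) != (b["remote_ip"], b["local_ip"]):
        findings.append("endpoint addresses are not mirrored between the peers")
    for n, t in (("a", a), ("b", b)):
        if t["state"] != "established":
            findings.append(f"{n}: tunnel state is {t['state']}")
        if t["l2tp_class"] == "l2tp_default_class":
            findings.append(f"{n}: no operator-defined l2tp-class on this tunnel")
    return findings
```

For the output on this page, audit_pair(R1_OUTPUT, R3_OUTPUT) returns only the two l2tp-class findings, one per router.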