This post enquires about the AR1220 L2TP/IPSec setup. Further details follow below.
I'm struggling with the AR1220 L2TP/IPSec VPN access setup from Android (8.0) and Windows 10 (embedded clients).
With the same client configuration, I can connect to a MikroTik L2TP/IPSec VPN.
If anyone has a working configuration and would like to share it, that would be very much appreciated.
[V200R007C00SPCc00]
#
board add 0/1 4FXS1FXO
board add 0/3 DSP5203
#
drop illegal-mac alarm
#
clock timezone GMT+2 add 03:00:00
#
l2tp enable
#
dns resolve
dns proxy enable
#
vlan batch 41
#
stp mode rstp
#
ike local-name AR1220
#
lldp enable
#
poe slot 0 max-power 100000
#
dhcp enable
#
pki realm default
enrollment self-signed
#
ssl policy default_policy type server
pki-realm default
#
acl number 2000
description Allow NAT 192.168.0.0/16
rule 5 permit source 192.168.0.0 0.0.255.255
acl number 2001
description Permit 192.168.0.0/16 - Admin access
rule 5 permit source 192.168.0.0 0.0.255.255
rule 10 deny
#
acl number 3101
description IPSec Destinations
rule 5 permit ip destination 192.168.0.0 0.0.255.255
#
ipsec proposal prop
encapsulation-mode transport
esp authentication-algorithm sha2-256
esp encryption-algorithm aes-256
#
ike proposal 5
encryption-algorithm aes-cbc-128
dh group2
authentication-algorithm sha2-256
prf hmac-sha2-256
#
ike peer peer1 v1
exchange-mode aggressive
pre-shared-key cipher %^%#@4CS90Kwn"99}T0'7-m<Dr([X_V$9M+TQ,1ZZZZZZZ#
ike-proposal 5
local-id-type name
nat traversal
#
ipsec policy-template templ 10
ike-peer peer1
proposal prop
#
ipsec policy policy1 10 isakmp template templ
#
ip pool l2tp
gateway-list 192.168.100.1
network 192.168.100.0 mask 255.255.255.0
#
ip pool ip-pool.41
gateway-list 192.168.41.1
network 192.168.41.0 mask 255.255.255.0
dns-list 192.168.41.1 1.1.1.1
domain-name www.wlan
#
aaa
authentication-scheme default
authentication-scheme l2tp
authorization-scheme default
authorization-scheme l2tp
accounting-scheme default
domain default
domain default_admin
domain l2tp
authorization-scheme l2tp
local-user vpnuser password cipher %^%#WiQC9|U4B<+tNQIusw#<1,idOL~_XXXXXXXXXXXXXXX#
local-user vpnuser privilege level 0
local-user vpnuser service-type ppp
#
firewall zone Local
priority 16
#
firewall defend land enable
firewall defend smurf enable
firewall defend fraggle enable
firewall defend winnuke enable
firewall defend syn-flood enable
firewall defend udp-flood enable
firewall defend icmp-flood enable
firewall defend icmp-redirect enable
firewall defend icmp-unreachable enable
firewall defend ip-sweep enable
firewall defend port-scan enable
firewall defend tracert enable
firewall defend ping-of-death enable
firewall defend teardrop enable
firewall defend tcp-flag enable
firewall defend ip-fragment enable
firewall defend large-icmp enable
firewall blacklist enable
#
interface Vlanif41
ip address 192.168.41.1 255.255.255.0
dhcp select global
#
interface Eth-Trunk1
port link-type trunk
port trunk allow-pass vlan 2 to 4094
mode lacp-static
#
interface Virtual-Template1
ppp authentication-mode chap domain l2tp
remote address pool l2tp
ip address 192.168.100.1 255.255.255.0
#
interface GigabitEthernet0/0/0
description To PowerLAN
port link-type access
port default vlan 41
#
interface GigabitEthernet0/0/1
description To me0 EX2200
port link-type access
port default vlan 41
#
interface GigabitEthernet0/0/2
description Empty VLAN 41
port link-type access
port default vlan 41
#
interface GigabitEthernet0/0/3
description Empty VLAN 41
port link-type access
port default vlan 41
#
interface GigabitEthernet0/0/4
description Trunk to EX2200-1
eth-trunk 1
#
interface GigabitEthernet0/0/5
description Trunk to EX2200-2
eth-trunk 1
#
interface GigabitEthernet0/0/6
description AP
port link-type access
port default vlan 41
#
interface GigabitEthernet0/0/7
description Empty-POE
#
interface GigabitEthernet0/0/8
description WAN
tcp adjust-mss 1200
nat outbound 2000
ipsec policy policy1
auto speed 100
combo-port copper
ip address dhcp-alloc
#
interface GigabitEthernet0/0/9
tcp adjust-mss 1200
ip address 192.168.1.1 255.255.255.0
combo-port copper
dhcp select global
#
interface GigabitEthernet0/0/10
description VirtualPort
#
interface Cellular0/0/0
#
interface Cellular0/0/1
#
interface NULL0
#
l2tp-group 1
undo tunnel authentication
allow l2tp virtual-template 1
#
info-center source default channel 2 log level debugging debug state on
info-center source IPSEC channel 6
info-center source IKE channel 6
info-center source L2TP channel 6
info-center loghost 192.168.41.20
#
snmp-agent local-engineid 800007DB0348D539636EBD
#
stelnet server enable
#
http acl 2001
http secure-server ssl-policy default_policy
http server enable
http secure-server enable
#
ip route-static 192.168.100.0 255.255.255.0 Virtual-Template1
#
fib regularly-refresh disable
#
user-interface maximum-vty 8
user-interface con 0
authentication-mode aaa
user-interface vty 0 7
acl 2001 inbound
authentication-mode aaa
user privilege level 15
history-command max-size 20
screen-length 0
#
wlan
wmm-profile name wmmf id 0
traffic-profile name traf id 0
security-profile name secf id 0
radio-profile name radiof id 0
wmm-profile id 0
radio-profile name arwebradio id 1
wmm-profile id 0
#
interface Wlan-Radio0/0/0
#
ntp-service unicast-peer 195.85.215.215
#
voice
#
enterprise default
#
diagnose
#
ops
#
autostart
#
return
Please assist me in solving this AR1220 L2TP/IPSec setup issue. Thanks!