Hello. (AR2200 V200R009C00SPC500)
Help with L2TP over IPSec setup for remote users. I made the settings according to the instructions.
The problem is that users connect with an unspecified or incorrect pre-shared key. How do I prevent users from connecting without a pre-shared key?
Config:
ike peer vpnusers
 undo version 2
 pre-shared-key cipher %^%#xzHGU^TL^3f;5nY[8%;8~:[W<dD1KEH.t+9c-kl1%^%#
 ike-proposal 5
ike proposal 5
 encryption-algorithm 3des
 dh group2
 authentication-algorithm sha1
 authentication-method pre-share
 integrity-algorithm hmac-sha2-256
 prf hmac-sha2-256
ipsec proposal vpnusers
 encapsulation-mode transport
 esp authentication-algorithm sha1
 esp encryption-algorithm aes-256
#
ipsec policy-template vpnuser 10
 ike-peer vpnusers
 proposal vpnusers
ipsec policy vpnusers1 10 isakmp template vpnuser
interface GigabitEthernet0/0/16 #WAN interface
 ip address 192.168.1.1 255.255.255.128
 nat outbound 3003
 zone untrust
 traffic-filter inbound acl 3004
 ipsec policy vpnusers1
acl number 3001
 rule 5 permit udp destination-port eq 1701
 rule 10 permit udp destination-port eq 4500
 rule 15 permit udp destination-port eq 500
acl number 3003
 rule 9 permit ip
acl number 3004
 rule 5 permit tcp source 192.168.0.0 0.0.0.255 source-port eq 22
 rule 10 permit tcp source 192.168.100.0 0.0.1.255 source-port eq 22
 rule 15 permit tcp source 177.217.48.201 0 source-port eq 22
 rule 20 permit tcp source 177.217.45.201 0 destination-port eq 22
 rule 25 deny tcp destination-port eq 22
 rule 30 deny tcp destination-port eq 8080
interzone trust untrust
 firewall enable
 packet-filter default deny inbound
 packet-filter default permit outbound
 packet-filter 3001 inbound
interface Virtual-Template1
 ppp authentication-mode chap domain lenovo.loc
 ppp ipcp dns 192.168.6.30
 ip address 192.168.12.1 255.255.255.0
l2tp-group 1
 mandatory-chap
 undo tunnel authentication
 allow l2tp virtual-template 1