Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter 65 Configuring L2TP over IPsec
Configuring L2TP over IPsec
Detailed CLI Configuration Steps
Each step below lists the command, an example, and the purpose of the command.

Step 1
Command: crypto ipsec ike_version transform-set transform_name ESP_Encryption_Type ESP_Authentication_Type
Example:
crypto ipsec ikev1 transform-set my-transform-set-ikev1 esp-des esp-sha-hmac
Purpose: Creates a transform set with a specific ESP encryption type and authentication type.

Step 2
Command: crypto ipsec ike_version transform-set trans_name mode transport
Example:
crypto ipsec ikev1 transform-set my-transform-set-ikev1 mode transport
Purpose: Instructs IPsec to use transport mode rather than tunnel mode.

Step 3
Command: vpn-tunnel-protocol tunneling_protocol
Example:
hostname(config)# group-policy DfltGrpPolicy attributes
hostname(config-group-policy)# vpn-tunnel-protocol l2tp-ipsec
Purpose: Specifies L2TP/IPsec as the VPN tunneling protocol.

Step 4
Command: dns value [none | IP_primary [IP_secondary]]
Example:
hostname(config)# group-policy DfltGrpPolicy attributes
hostname(config-group-policy)# dns value 209.165.201.1 209.165.201.2
Purpose: (Optional) Instructs the adaptive security appliance to send DNS server IP addresses to the client for the group policy.

Step 5
Command: wins-server value [none | IP_primary [IP_secondary]]
Example:
hostname(config)# group-policy DfltGrpPolicy attributes
hostname(config-group-policy)# wins-server value 209.165.201.3 209.165.201.4
Purpose: (Optional) Instructs the adaptive security appliance to send WINS server IP addresses to the client for the group policy.

Step 6
Command: ip local pool pool_name starting_address-ending_address mask subnet_mask
Example:
hostname(config)# ip local pool sales_addresses 10.4.5.10-10.4.5.20 mask 255.255.255.0
Purpose: (Optional) Creates an IP address pool.

Step 7
Command: address-pool pool_name
Example:
hostname(config)# tunnel-group DefaultRAGroup general-attributes
hostname(config-tunnel-general)# address-pool sales_addresses
Purpose: (Optional) Associates the pool of IP addresses with the connection profile (tunnel group).
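
The following audit script is an added example, not part of the Cisco guide: it reads a saved configuration and reports transform sets that use weak ESP encryption (such as the esp-des shown in the Step 1 example), transform sets missing the Step 2 "mode transport" line, and address-pool references to an undefined pool. The sample configuration is constructed from the examples above plus a hypothetical set named aes-set; the script assumes every ikev1 transform set in the file is intended for L2TP over IPsec.

```python
import re

# Constructed sample (not from a real device); "aes-set" is a hypothetical name.
SAMPLE_CONFIG = """\
crypto ipsec ikev1 transform-set my-transform-set-ikev1 esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set my-transform-set-ikev1 mode transport
crypto ipsec ikev1 transform-set aes-set esp-aes-256 esp-sha-hmac
group-policy DfltGrpPolicy attributes
 vpn-tunnel-protocol l2tp-ipsec
ip local pool sales_addresses 10.4.5.10-10.4.5.20 mask 255.255.255.0
tunnel-group DefaultRAGroup general-attributes
 address-pool sales_addresses
"""

# Only the ikev1 form shown in the page's examples is matched.
TS_RE = re.compile(r"^crypto ipsec ikev1 transform-set (\S+) (.+)$")
WEAK_ESP = {"esp-des": "single DES (56-bit key)", "esp-null": "no encryption"}

def parse_transform_sets(config):
    """Return {name: {"algs": [...], "transport": bool}} from transform-set lines."""
    sets = {}
    for line in config.splitlines():
        m = TS_RE.match(line.strip())
        if m:
            entry = sets.setdefault(m.group(1), {"algs": [], "transport": False})
            rest = m.group(2).split()
            if rest[:2] == ["mode", "transport"]:
                entry["transport"] = True      # Step 2 line
            else:
                entry["algs"].extend(rest)     # Step 1 line: ESP types
    return sets

def audit(config):
    """Return a list of (object_name, finding) tuples."""
    findings = []
    for name, ts in sorted(parse_transform_sets(config).items()):
        for alg in ts["algs"]:
            if alg in WEAK_ESP:
                findings.append((name, f"weak ESP encryption {alg}: {WEAK_ESP[alg]}"))
        if not ts["transport"]:
            findings.append((name, "no 'mode transport' line (Step 2)"))
    # Step 7 must reference a pool that Step 6 actually created.
    pools = set(re.findall(r"^ip local pool (\S+) ", config, re.M))
    for pool in re.findall(r"^\s*address-pool (\S+)", config, re.M):
        if pool not in pools:
            findings.append((pool, "address-pool references an undefined ip local pool"))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE_CONFIG), sep="\n")
```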