Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
A
A
AVXNWNK2016-08-16 11:28:04
VPN
AVXNWNK, 2016-08-16 11:28:04

How to organize multiple tunnels on Cisco 881?

Hello IT community! In general, the essence of the question is this: how can I organize several VPN tunnels that are incompatible with each other on a Cisco 881 router?
The task is this: the first tunnel will be on clients, L2TP VPN tunnel; the second one will be on the administrator's endpoint, at the end there is a Mikrotik RB750 router, it was decided to run an IP-IP tunnel with IPSec encryption there. Everything is set up, each of them works alone, as it should, they don’t want to work together.
The router configuration is as follows:

aaa new-model
aaa authentication login default local
aaa authentication ppp default local
aaa authorization exec default local
username ПОЛЬЗОВАТЕЛЬ_L2TP password ПАРОЛЬ_L2TP
vpdn enable
!
vpdn-group L2TP
! Default L2TP VPDN group
 accept-dialin
  protocol l2tp
  virtual-template 10
 no l2tp tunnel authentication
crypto isakmp policy 10
 encr 3des
 authentication pre-share
 group 2
 lifetime 3600
crypto isakmp policy 20
 encr 3des
 hash md5
 authentication pre-share
 group 2
crypto isakmp key ПРЕДВАРИТЕЛЬНЫЙ_КЛЮЧ_L2TP address 0.0.0.0 0.0.0.0 no-xauth
crypto isakmp key ПРЕДВАРИТЕЛЬНЫЙ_КЛЮЧ_IPIP address АДРЕС_МИКРОТИКА no-xauth
crypto isakmp keepalive 3600
crypto ipsec transform-set L2TP esp-3des esp-sha-hmac 
 mode transport
crypto ipsec transform-set IPIP esp-3des esp-md5-hmac
 mode transport
!
crypto dynamic-map DYNMAP 10
 set nat demux
 set transform-set L2TP
crypto dynamic-map DYNMAP 20
 set transform-set IPIP
 reverse-route
!
!
crypto map VPN client configuration address respond
crypto map VPN 10 ipsec-isakmp dynamic DYNMAP
crypto map VPN 20 ipsec-isakmp
 description ТУННЕЛЬ_НА_МИКРОТИК
 set peer АДРЕС_МИКРОТИКА
 set security-association lifetime seconds 86400
 set transform-set IPIP
 set pfs group2
 match address 109
interface Tunnel20
 description ТУННЕЛЬНЫЙ_ИНТЕРФЕЙС_НА_МИКРОТИК
 ip unnumbered FastEthernet4
 tunnel source АДРЕС_ЦИСКИ
 tunnel destination АДРЕС_МИКРОТИКА
 tunnel mode ipip
interface FastEthernet4
 ip address ВНЕШНИЙ_АДРЕС 255.255.255.0
 duplex auto
 speed auto
 crypto map VPN
interface Virtual-Template10
 ip unnumbered FastEthernet4
 peer default ip address pool IPVPN
 ppp encrypt mppe 40
 ppp authentication ms-chap ms-chap-v2
ip local pool IPVPN 10.0.0.200 10.0.0.254
ip route ПОДСЕТЬ_МИКРОТИКА 255.255.255.0 Tunnel20
access-list 109 permit ip host АДРЕС_ЦИСКИ host АДРЕС_МИКРОТИКА

Thank you in advance for your help!

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

0 answer(s)
Similar questions
I
impressive172019-12-04 00:39:50
What is the difference between the structure of projects in Obj C and Swift languages? 6Reply
D
Drugsoul2014-09-11 10:57:18
How to authorize VPN users on Microsoft NPS through CISCO? 2Reply
E
Evgeny Yerko2016-09-23 12:59:26
How to share vmware esxi 6 or VM via VPN? 0Reply
K
keeplod2019-02-22 12:30:44
Do you need software to set up an IPsec vpn tunnel? 3Reply
A
Andrey2022-04-12 18:19:35
Why did the site become accessible only through vpn? 1Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question