Table of contents
- 1. Preparation
- 2. Cisco Router's Configuration Sample #2 (Having a DHCP-Assigned Physical IP Address)
- 2.1. Example Assumptions
- 3. Cisco Router's Configuration Sample #3 (PPPoE WAN Connection)
- 3.1. Example Assumptions
- 4. Cisco Router's Configuration Sample #1 (Having a Fixed Physical IP Address)
- 4.1. Example Assumptions
Most of Cisco's routers which are released on or after 2005 has L2TPv3 over IPsec protocol function. (If not, you might be able to upgrade the IOS version to support it.)
- Why Cisco Routers with SoftEther VPN Server is the Best?
The above link shows the advantage of SoftEther VPN Server with the combination with Cisco Routers.
Preparation
Before setup Cisco router you have to setup the SoftEther VPN Server settings.
On the above screen, check the "Enable EtherIP / L2TPv3 over IPsec Server Function" and click the "Detail Settings" button. The following screen will appear.
In this screen you have to define a mapping-table between L2TPv3 client (router)'s ISAKMP (IKE) Phase 1 ID, and the destination Virtual Hub's name, username and password.
On the above example, VPN connection attempts from any L2TPv3 routers will be regarded to use the "l2tpv3" username to connect the "DEFAULT" Virtual Hub. (The "l2tpv3" user must be registered on the Virtual Hub.)
Essentially you should specify the Cisco's router's ISAKMP (IKE) Phase 1 ID on the ID field. However, you can specify "*" (wildcard) to match for any IDs. This is lack of security but this time is just a tutorial. So a wildcard is used. In the long-term running system you have to specify the Phase 1 ID exactly instead of a wildcard.
Cisco Router's Configuration Sample #2 (Having a DHCP-Assigned Physical IP Address)
Example Assumptions
- Ethernet Ports
FastEthernet 0: WAN Port (Automatic Lease IP Address from DHCP Server)
FastEthernet 1: Bridge Port
- Destination SoftEther VPN Server IP Address
1.2.3.4
- ISAKMP SA Encryption Settings
AES-256 / SHA / DH Group 2 (1024 bit)
- IPsec SA Encryption Settings
AES-256 / SHA
- IPsec Pre-Shard Key
vpn
Cisco Router's Configuration Sample #3 (PPPoE WAN Connection)
Example Assumptions
- Ethernet Ports
FastEthernet 0: WAN Port (Automatic Obtain IP Address via PPPoE)
FastEthernet 1: Bridge Port
- Destination SoftEther VPN Server IP Address
1.2.3.4
- ISAKMP SA Encryption Settings
AES-256 / SHA / DH Group 2 (1024 bit)
- IPsec SA Encryption Settings
AES-256 / SHA
- IPsec Pre-Shard Key
vpn
Cisco Router's Configuration Sample #1 (Having a Fixed Physical IP Address)
Example Assumptions
- Ethernet Ports
FastEthernet 0: WAN Port (IP Address: 2.3.4.5 / Subnet Mask: 255.255.255.0 / DefGW: 2.3.4.254)
FastEthernet 1: Bridge Port
- Destination SoftEther VPN Server IP Address
1.2.3.4
- ISAKMP SA Encryption Settings
AES-256 / SHA / DH Group 2 (1024 bit)
- IPsec SA Encryption Settings
AES-256 / SHA
- IPsec Pre-Shard Key
vpn