...

Note

To build IPsec in a setup with an L2TP tunnel between an ESR and a Mikrotik, ipsec ike rekey enable must be turned on in the tunnel l2tp configuration on the ESR router:
esr# configure 
esr(config)# tunnel l2tp 1
esr(config-l2tp)# ipsec ike rekey enable 

This command is supported starting with software version 1.17.0!!!


ESR configuration example:

object-group service IKE
  port-range 500
  port-range 4500
exit
object-group service L2TP
  port-range 1701
exit

security zone trusted
exit

interface gigabitethernet 1/0/1
  security-zone trusted
  ip address 198.51.100.10/24
exit
tunnel l2tp 1
  security-zone trusted
  authentication method mschap-v2
  username user password ascii-text encrypted 8CB5107EA7005AFF
  remote address 198.51.100.1
  ipsec authentication method pre-shared-key
  ipsec authentication pre-shared-key ascii-text encrypted 8CB5107EA7005AFF
  ipsec ike rekey enable
  ipsec ike proposal l2tp
  ipsec proposal l2tp
  enable
exit

security zone-pair trusted self
  rule 1
    action permit
    match protocol udp
    match destination-port L2TP
    enable
  exit
  rule 2
    action permit
    match protocol udp
    match destination-port IKE
    enable
  exit
  rule 3
    action permit
    match protocol esp
    enable
  exit
exit
security zone-pair trusted trusted
  rule 1
    action permit
    enable
  exit
exit

security ike proposal l2tp
  authentication algorithm sha2-256
  encryption algorithm aes128
  dh-group 15
exit

security ipsec proposal l2tp
  authentication algorithm sha2-256
  encryption algorithm aes128
  pfs dh-group 15
exit
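
A check for the requirement in the note above, as an added example that is not part of the original page or the vendor's documentation: it reads a configuration in the layout shown here and reports tunnel l2tp blocks that carry ipsec lines without ipsec ike rekey enable, or that name a proposal with no matching security ike proposal / security ipsec proposal block. The function names and the sample are constructed, and the parser assumes unindented block headers closed by an unindented exit, as in the listing above.

```python
import re

# Constructed sample: rekey line omitted, 'security ipsec proposal' undefined.
SAMPLE = """\
tunnel l2tp 1
  remote address 198.51.100.1
  ipsec authentication method pre-shared-key
  ipsec ike proposal l2tp
  ipsec proposal l2tp
  enable
exit
security ike proposal l2tp
  dh-group 15
exit
"""

def top_level_blocks(text):
    """Map each unindented header line to its stripped child lines."""
    blocks, header = {}, None
    for raw in text.splitlines():
        if not raw.strip():
            continue
        if raw[0].isspace():            # indented: child of the open block
            if header is not None:
                blocks[header].append(raw.strip())
        elif raw.strip() == "exit":     # unindented exit closes the block
            header = None
        else:
            header = raw.strip()
            blocks[header] = []
    return blocks

def check_l2tp_ipsec(text):
    """Return findings for every 'tunnel l2tp' block that carries ipsec lines."""
    blocks, findings = top_level_blocks(text), []
    for header, body in blocks.items():
        is_l2tp = re.fullmatch(r"tunnel l2tp \d+", header)
        if not is_l2tp or not any(l.startswith("ipsec ") for l in body):
            continue
        if "ipsec ike rekey enable" not in body:
            findings.append(f"{header}: missing 'ipsec ike rekey enable'")
        for m in filter(None, (re.fullmatch(r"ipsec (ike )?proposal (\S+)", l) for l in body)):
            wanted = f"security {'ike' if m.group(1) else 'ipsec'} proposal {m.group(2)}"
            if wanted not in blocks:
                findings.append(f"{header}: '{wanted}' is not defined")
    return findings

if __name__ == "__main__":
    print("\n".join(check_l2tp_ipsec(SAMPLE)) or "ok")
```

Run against the full configuration above, check_l2tp_ipsec returns an empty list, since the tunnel block has the rekey line and both proposals are defined.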

...