[Cisco] Config Router ให้สามารถรับ L2TP over IPSec จาก windows client

aaa new-model
aaa authentication ppp L2TP local
!
username cisco password cisco
!
vpdn enable
!
vpdn-group PPPTP
! Default L2TP VPDN group
accept-dialin
protocol l2tp
virtual-template 10
no l2tp tunnel authentication
!
crypto isakmp policy 10
encr 3des
authentication pre-share
group 2
crypto isakmp key PRESHARED address 0.0.0.0 0.0.0.0
!
!
crypto ipsec transform-set VPN-CLIENT esp-3des esp-sha-hmac
mode transport
crypto ipsec df-bit clear
!
crypto dynamic-map VPN-DYNAMIC-MAP 10
description ## dyanmic crypto map for VPN Users ##
set nat demux
set transform-set VPN-CLIENT
!
!
crypto map VPN-DYNAMIC-CLIENT 10 ipsec-isakmp dynamic VPN-DYNAMIC-MAP
!
interface G0/1
des ### Internet ###
crypto map VPN-DYNAMIC-CLIENT
!
!
interface Virtual-Template10
ip unnumbered Loopback0
peer default ip address pool L2TP_POOL
ppp encrypt mppe 128 required
ppp authentication ms-chap-v2 L2TP
!
ip local pool L2TP_POOL 192.168.1.1 192.168.1.10

#######
Windows XP Setup
1. Start -> Control Panel -> Network Connections
2. Menu File --> New Connection
3. Next --> Select: Connection to the network at my workspace --> Next
4. Select: Virtual Private Network Connection --> Next
5. Enter connection name
6. Select: Do not dial the initial connection --> Next
7. Enter IP Address of VPN Server --> Next --> Finish
8. Show dialog --> Properties --> Security Tab
9. Select: Advanced (customer settings)
10. IPSec Settings --> Use pre-shared key for authentication --> Enter pre-share key --> OK (ex. PRESHARED
11. Enter username,password then Connect (ex. username cisco, password cisco)