Dispite the fact that i am already bald, I would have been pulling my hair out over the last two days of struggeling with this issue.
We have a Zywall 300 USG at the office, and i want to connect with my macbook pro via l2tp over ipsec.
After a lot of trial and error and several user guides i have been able to setup the l2tp account.
However i cannot get this to work, we have a Cisco 876 connected to our DSL, behind the cisco there is the Zywall USG 300 that functions as the vpn server and firewall.
The cisco876 has a static route forwarding all traffic from its ethernet 192.168.1.1 to the wan port of the zywall 192.168.1.2
When i connect my laptop directly to the WAN port of the Zywall the VPN build up withouth a hitch, however when i try to connecto from the outside it gives me the error:
Phase 2 local policy mismatch and no proposal chosen.
I suspect there is something wrong with the config of the cisco 876, however i am not a cisco expert.
So could somebody please have a look at my config and see if i maybe missed the obvious.
Thanks in advance!
Current configuration : 2363 bytes
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
logging buffered 51200 debugging
logging console critical
enable secret 5 xxxxxxxxxxxxxxx
no aaa new-model
clock timezone GMT 1
clock summer-time GMT date Mar 30 2002 1:00 Oct 26 2035 1:59
no ip source-route
ip tcp synwait-time 10
no ip bootp server
no ip domain lookup
ip domain name pasvisionsbs
ip ssh time-out 60
ip ssh authentication-retries 2
username xxxxxxx privilege 15 secret 5 xxxxxxxxxxxxxxx
no ip address
no ip address
no atm ilmi-keepalive
encapsulation aal5mux ppp dialer
dialer pool-member 1
dsl operating-mode auto
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip tcp adjust-mss 1452
ip address negotiated
ip nat outside
dialer pool 1
ppp authentication pap callin
ppp pap sent-username xxxxxxxxxxx password 7 xxxxxxxxxxxxxxxxx
ip route 0.0.0.0 0.0.0.0 Dialer0
no ip http server
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 101 interface Dialer0 overload
ip nat inside source static 192.168.1.2 interface Dialer0
access-list 23 remark TTY security
access-list 23 permit 192.168.1.0 0.0.0.255
access-list 23 remark Routit
access-list 23 permit 220.127.116.11 0.0.255.255
access-list 23 permit 172.31.255.0 0.0.0.255
access-list 101 remark .-. ACL voor de nat netwerken
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
dialer-list 1 protocol ip permit
line con 0
no modem enable
line aux 0
line vty 0 4
access-class 23 in
privilege level 15
transport input telnet ssh
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
Software/Hardware used: cisco 876 zywall 300 usg macbook pro
Free Guide: Managing storage for virtual environments
Complete a brief survey to get a complimentary 70-page whitepaper featuring the best methods and solutions for your virtual environment, as well as hypervisor-specific management advice from TechTarget experts. Don’t miss out on this exclusive content!