L2TP over IPSEC problem

10 pts.
Tags:
Cisco 876
VPN
Hello, Dispite the fact that i am already bald, I would have been pulling my hair out over the last two days of struggeling with this issue. We have a Zywall 300 USG at the office, and i want to connect with my macbook pro via l2tp over ipsec. After a lot of trial and error and several user guides i have been able to setup the l2tp account. However i cannot get this to work, we have a Cisco 876 connected to our DSL, behind the cisco there is the Zywall USG 300 that functions as the vpn server and firewall. The cisco876 has a static route forwarding all traffic from its ethernet 192.168.1.1 to the wan port of the zywall 192.168.1.2 When i connect my laptop directly to the WAN port of the Zywall the VPN build up withouth a hitch, however when i try to connecto from the outside it gives me the error: Phase 2 local policy mismatch and no proposal chosen. I suspect there is something wrong with the config of the cisco 876, however i am not a cisco expert. So could somebody please have a look at my config and see if i maybe missed the obvious. Thanks in advance! Ammer Building configuration... Current configuration : 2363 bytes ! version 12.4 no service pad service tcp-keepalives-in service tcp-keepalives-out service timestamps debug datetime msec service timestamps log datetime msec service password-encryption service sequence-numbers ! hostname pasvision_cisco_876 ! boot-start-marker boot-end-marker ! logging buffered 51200 debugging logging console critical enable secret 5 xxxxxxxxxxxxxxx ! no aaa new-model ! resource policy ! clock timezone GMT 1 clock summer-time GMT date Mar 30 2002 1:00 Oct 26 2035 1:59 ip subnet-zero no ip source-route ip cef ! ! ip tcp synwait-time 10 no ip bootp server no ip domain lookup ip domain name pasvisionsbs ip ssh time-out 60 ip ssh authentication-retries 2 ! ! ! username xxxxxxx privilege 15 secret 5 xxxxxxxxxxxxxxx ! ! ! ! ! interface BRI0 no ip address encapsulation hdlc shutdown ! interface ATM0 no ip address no atm ilmi-keepalive pvc 0/33 encapsulation aal5mux ppp dialer dialer pool-member 1 ! dsl operating-mode auto ! interface FastEthernet0 ! interface FastEthernet1 ! interface FastEthernet2 ! interface FastEthernet3 ! interface Vlan1 description LAN-interface ip address 192.168.1.1 255.255.255.0 ip nat inside ip virtual-reassembly ip tcp adjust-mss 1452 ! interface Dialer0 ip address negotiated ip nat outside ip virtual-reassembly encapsulation ppp dialer pool 1 dialer-group 1 ppp authentication pap callin ppp pap sent-username xxxxxxxxxxx password 7 xxxxxxxxxxxxxxxxx ! ip classless ip route 0.0.0.0 0.0.0.0 Dialer0 ! no ip http server ip http authentication local no ip http secure-server ip http timeout-policy idle 60 life 86400 requests 10000 ip nat inside source list 101 interface Dialer0 overload ip nat inside source static 192.168.1.2 interface Dialer0 ! access-list 23 remark TTY security access-list 23 permit 192.168.1.0 0.0.0.255 access-list 23 remark Routit access-list 23 permit 213.144.0.0 0.0.255.255 access-list 23 permit 172.31.255.0 0.0.0.255 access-list 101 remark .-. ACL voor de nat netwerken access-list 101 permit ip 192.168.1.0 0.0.0.255 any dialer-list 1 protocol ip permit ! control-plane ! ! line con 0 login local no modem enable line aux 0 line vty 0 4 access-class 23 in privilege level 15 login local transport input telnet ssh ! scheduler max-task-time 5000 scheduler allocate 4000 1000 scheduler interval 500 end

Software/Hardware used:
cisco 876 zywall 300 usg macbook pro
ASKED: October 15, 2012  6:12 PM

Answer Wiki

Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Discuss This Question:  

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following