------------------------------------------------------------------------------------------------------------------------------------- ------------------------------------------------------------------------------------------------
IPSEC site to site VTI configuration

/* Site-to-site tunnel to peer 1xy.y.y.y, authenticated with a pre-shared
   secret (value redacted in this listing). The IKE-group and ESP-group
   referenced below are defined elsewhere and not shown, so the negotiated
   ciphers, DH group and lifetimes cannot be checked from this page. */
show vpn ipsec site-to-site
peer 1xy.y.y.y
    authentication {
        /* NOTE(review): a pre-shared secret is a static credential shared by
           both ends; its strength rests on the secret's length and randomness,
           and it is part of the saved config, so config backups need the same
           protection as the secret itself. */
        mode pre-shared-secret
        pre-shared-secret .........
    }
    /* This side initiates the connection. */
    connection-type initiate
    ike-group IKE-group
    ikev2-reauth inherit
    local-address 2yx.x.x.x
    /* Route-based tunnel: bound to vti10, no per-tunnel prefixes configured
       here, so what enters the tunnel is decided by routing (see the static
       interface-route below). */
    vti {
        bind vti10
        esp-group ESP-group
    }
------------------------------
/* Tunnel interface. NOTE(review): mtu 1400 is presumably chosen to leave
   room for ESP overhead - confirm against the actual path MTU. */
show interfaces vti vti10
address 10.y.z.z/30
description PeerToCustomer
mtu 1400

/* Only 10.x.x.x/27 is routed into vti10. Any firewall policy applied to
   vti10 is not shown in this listing; without one, routing alone decides
   what the customer side can reach. */
show protocols static interface-route
interface-route 10.x.x.x/27 {
    next-hop-interface vti10 {
    }
}
-------------------------------------
/* NOTE(review): the parent node is not shown - presumably
   `vpn ipsec nat-networks` (used with NAT traversal); confirm.
   The allowed list spans all three RFC 1918 ranges minus the listed /24s;
   presumably the excludes are subnets in use locally - verify each one. */
nat-networks {
    allowed-network 10.0.0.0/8 {
    }
    allowed-network 172.16.0.0/12 {
        exclude 172.x.x.0/24
    }
    allowed-network 192.168.0.0/16 {
        exclude 192.168.x.0/24
        exclude 192.168.y.0/24
        exclude 192.168.z.0/24
        exclude 192.168.h.0/24
    }
}
-------------------------------------------------------------------------------------------------------------------- ---------------------------------------------------------------------------------------------------L2TP configuration

/* L2TP remote-access server. Users are defined locally (mode local), so
   every username/password pair lives in this config (redacted here).
   NOTE(review): check how these passwords are stored on your release and
   restrict who can read the config and its backups. */
show vpn l2tp
remote-access {
    authentication {
        local-users {
            username ....... {
                password ........
            }
        }
        mode local
    }
    /* Addresses handed to connecting clients. */
    client-ip-pool {
        start 192.168.x.y
        stop 192.168.x.z
    }
    dns-servers {
        server-1 ........
        server-2 ........
    }
    /* The IPsec layer under L2TP authenticates with X.509 certificates and a
       CRL file is configured. NOTE(review): the CRL is read from a file, so a
       revocation presumably takes effect only once that file is refreshed -
       confirm an update process exists. */
    ipsec-settings {
        authentication {
            mode x509
            x509 {
                ca-cert-file /.../....
                crl-file /.../....
                server-cert-file /.../....
                server-key-file /.../....
                /* NOTE(review): empty password - either redacted for this
                   listing or the private key is stored unencrypted; in the
                   latter case filesystem permissions on server-key-file are
                   its only protection. */
                server-key-password ""
            }
        }
        /* NOTE(review): presumably seconds - confirm; a low value means
           frequent IKE renegotiation for every connected client. */
        ike-lifetime 300
    }
    /* External address the service is offered on, and its next hop. */
    outside-address 2yx.x.x.x
    outside-nexthop 2yx.x.x.y
    wins-servers {
        server-1 ............
    }
}