Good day.
I need to set up an L2TP VPN server on a Cisco 1811; clients have to connect with the native Windows VPN client (Windows XP through 7).
We have: Cisco 1811/K9
Cisco IOS Software, C181X Software (C181X-ADVENTERPRISEK9-M), Version 15.1(2)T, RELEASE SOFTWARE (fc1)
We put together a test config following the recommendations in this thread: https://www.opennet.ru/openforum/vsluhforumID6/19382.html
Config:
vpdn enable
!
vpdn-group VPDN-L2TP
! Default L2TP VPDN group
 accept-dialin
  protocol l2tp
  virtual-template 1
 lcp renegotiation on-mismatch
 no l2tp tunnel authentication
!
crypto isakmp policy 10
 encr 3des
 hash md5
 authentication pre-share
 group 2
!
crypto isakmp policy 20
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key SECRETKEY address 0.0.0.0 0.0.0.0
crypto isakmp invalid-spi-recovery
crypto isakmp keepalive 60
!
!
crypto ipsec transform-set L2TP esp-3des esp-md5-hmac
 mode transport
crypto ipsec transform-set L2TP_V ah-sha-hmac esp-3des esp-sha-hmac
 mode transport
!
crypto dynamic-map L2TP_D 10
 set transform-set L2TP L2TP_V
!
!
crypto map L2TP 20 ipsec-isakmp dynamic L2TP_D
!
interface Loopback1
 ip address 10.50.60.250 255.255.255.0
!
interface FastEthernet0
 ip address 10.50.1.250 255.255.255.0
 duplex auto
 speed auto
 crypto map L2TP
!
interface Virtual-Template1
 ip unnumbered Loopback1
 no ip route-cache cef
 no ip route-cache
 peer default ip address pool test
 ppp mtu adaptive
 ppp encrypt mppe 128
 ppp authentication ms-chap-v2
!
ip local pool test 10.50.60.10 10.50.60.11
Result:
Windows XP and Vista clients connect without a hitch; when connecting from Win7 we get:
"Error 788: The L2TP connection attempt failed because the security layer could not negotiate compatible parameters with the remote computer."
We run:
debug ppp negotiation
debug crypto ipsec
We connect from Win7 and see this in the log:
*Aug 11 03:05:31.591: IPSEC(validate_proposal_request): proposal part #1
*Aug 11 03:05:31.591: IPSEC(validate_proposal_request): proposal part #1,
(key eng. msg.) INBOUND local= 10.50.1.250:0, remote= 10.50.50.10:0,
local_proxy= 10.50.1.250/255.255.255.255/17/1701 (type=1),
remote_proxy= 10.50.50.10/255.255.255.255/17/1701 (type=1),
protocol= ESP, transform= NONE (Transport),
lifedur= 0s and 0kb,
spi= 0x0(0), conn_id= 0, keysize= 128, flags= 0x0
*Aug 11 03:05:31.591: IPSEC(ipsec_process_proposal): transform proposal not supported for identity:
{esp-aes esp-sha-hmac }
*Aug 11 03:05:31.591: IPSEC(validate_proposal_request): proposal part #1
*Aug 11 03:05:31.591: IPSEC(validate_proposal_request): proposal part #1,
(key eng. msg.) INBOUND local= 10.50.1.250:0, remote= 10.50.50.10:0,
local_proxy= 10.50.1.250/255.255.255.255/17/1701 (type=1),
remote_proxy= 10.50.50.10/255.255.255.255/17/1701 (type=1),
protocol= ESP, transform= NONE (Transport),
lifedur= 0s and 0kb,
spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x0
*Aug 11 03:05:31.591: IPSEC(ipsec_process_proposal): transform proposal not supported for identity:
{esp-3des esp-sha-hmac }
*Aug 11 03:05:31.591: IPSEC(validate_proposal_request): proposal part #1
*Aug 11 03:05:31.591: IPSEC(validate_proposal_request): proposal part #1,
(key eng. msg.) INBOUND local= 10.50.1.250:0, remote= 10.50.50.10:0,
local_proxy= 10.50.1.250/255.255.255.255/17/1701 (type=1),
remote_proxy= 10.50.50.10/255.255.255.255/17/1701 (type=1),
protocol= ESP, transform= NONE (Transport),
lifedur= 0s and 0kb,
spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x0
*Aug 11 03:05:31.591: IPSEC(ipsec_process_proposal): transform proposal not supported for identity:
{esp-des esp-sha-hmac }
*Aug 11 03:05:31.611: IPSEC(key_engine): got a queue event with 1 KMI message(s)
A day of googling and poring over the cisco.com forums got me nowhere. Maybe someone has run into this; any ideas?
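
Added example, not part of the original post: a short Python script that reads the two `crypto ipsec transform-set` lines from the config above and the three "transform proposal not supported" entries from the debug output, then shows how each offered proposal differs from each configured set. The function names are hypothetical, and matching is modeled as exact equality of transform names (key size and lifetimes are ignored), which is an assumption of this sketch.

```python
import re

# Transform-set lines copied from the config in the post.
CONFIG = """\
crypto ipsec transform-set L2TP esp-3des esp-md5-hmac
mode transport
crypto ipsec transform-set L2TP_V ah-sha-hmac esp-3des esp-sha-hmac
mode transport
"""

# Rejection lines copied from the debug output in the post.
DEBUG_LOG = """\
*Aug 11 03:05:31.591: IPSEC(ipsec_process_proposal): transform proposal not supported for identity:
{esp-aes esp-sha-hmac }
*Aug 11 03:05:31.591: IPSEC(ipsec_process_proposal): transform proposal not supported for identity:
{esp-3des esp-sha-hmac }
*Aug 11 03:05:31.591: IPSEC(ipsec_process_proposal): transform proposal not supported for identity:
{esp-des esp-sha-hmac }
"""

def configured_sets(config):
    """Map transform-set name -> frozenset of its transforms."""
    pattern = re.compile(r"^\s*crypto ipsec transform-set (\S+) (.+)$", re.M)
    return {name: frozenset(rest.split()) for name, rest in pattern.findall(config)}

def rejected_proposals(log):
    """Return the transform lists that follow each 'not supported' line."""
    pattern = re.compile(r"transform proposal not supported for identity:\s*\{([^}]*)\}")
    return [frozenset(body.split()) for body in pattern.findall(log)]

def explain(config, log):
    """For each rejected proposal, list what every configured set lacks or adds."""
    # Assumption: a proposal matches only if its transform names equal a set exactly.
    sets = configured_sets(config)
    report = []
    for proposal in rejected_proposals(log):
        diffs = {
            name: (sorted(proposal - transforms), sorted(transforms - proposal))
            for name, transforms in sets.items()
        }
        matched = [n for n, (missing, extra) in diffs.items() if not missing and not extra]
        report.append((sorted(proposal), matched, diffs))
    return report

if __name__ == "__main__":
    for proposal, matched, diffs in explain(CONFIG, DEBUG_LOG):
        print("client offered:", " ".join(proposal), "->", matched or "no match")
        for name, (missing, extra) in diffs.items():
            print(f"  {name}: not in set {missing}, only in set {extra}")
```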