Configuration for different user types joining a VPN on the MA5200G.
1. For PPPoE dial-up users, the same VPN instance must be bound under the address pool and the domain. The users' access BAS interface does not need to bind a VPN instance. If the BAS interface binds a VPN instance different from the one the domain binds, this has no effect on users.
ip pool vpna local
2. For DHCP users, the same VPN instance must be bound under the address pool, the domain and the users' access BAS interface. If the configuration is inconsistent, users cannot access the network and no online failure history record is generated.
The previous part is the same as the PPPoE configuration:
3. For static users, the same VPN instance must be configured under the address pool, the domain, the access BAS interface and the static-user command. If the configuration is wrong, users cannot access the network and there is no online failure record. The debug packet output contains no ARP detect information.
The previous part is the same as the DHCP user configuration:
static-user 192.168.0.1 vpn-instance vpna domain-name vpna interface Ethernet 3/0/6 detect
4. For web authentication users, the web server must be in the VPN instance. The address pool, authentication domain, pre-authentication domain and access BAS interface must bind the same VPN instance. Specify the VPN instance when configuring the ACL.
The configuration is the same as for VLAN users. The ACL configuration is as follows:
rule ip vpn-instance vpna source user-group web1 destination ip-address 126.96.36.199 0
Note: MA5200G 22xx versions need the VPN instance imported in the address pool and the domain. The interface or configuration command of static users does not need to import the VPN instance.
For VLAN users joining a VPN instance, if the configuration is not correct, the MA5200G cannot handle ARP packets sent by users. There is no record in the service trace or the online failure information.
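Because a wrong binding for DHCP, static and VLAN users leaves no online failure record, it helps to verify the bindings before users try to connect. The following is an added example, not Huawei code and not MA5200G CLI syntax: it encodes rules 1 to 4 above and checks a constructed inventory of bindings. The location names (`pool`, `domain`, `bas_interface` and so on) are hypothetical labels, and the 22xx-version note is not modelled.

```python
# Added example: binding-location names are hypothetical labels,
# not MA5200G CLI keywords. The 22xx-version note is not modelled.

# Locations that must all carry the same VPN instance, per access type
# (rules 1-4 in the text above).
REQUIRED = {
    "pppoe":  ("pool", "domain"),
    "dhcp":   ("pool", "domain", "bas_interface"),
    "static": ("pool", "domain", "bas_interface", "static_user"),
    "web":    ("pool", "domain", "pre_domain", "bas_interface",
               "acl_rule", "web_server"),
}


def check(access_type, bindings):
    """Return a list of findings; an empty list means the bindings agree.

    bindings maps a location name to the VPN instance bound there
    (missing key or None = nothing bound). Locations that the rule for
    this access type does not require are ignored, e.g. a PPPoE user's
    BAS interface.
    """
    required = REQUIRED[access_type]
    present = {loc: bindings.get(loc) for loc in required}
    findings = [f"{loc}: no VPN instance bound"
                for loc in required if not present[loc]]
    bound = {loc: vpn for loc, vpn in present.items() if vpn}
    if len(set(bound.values())) > 1:
        detail = ", ".join(f"{loc}={vpn}" for loc, vpn in sorted(bound.items()))
        findings.append("mismatch: " + detail)
    return findings


# Constructed sample inventory (not taken from a real device).
SAMPLE = [
    ("user-a", "pppoe",  {"pool": "vpna", "domain": "vpna",
                          "bas_interface": "vpnb"}),
    ("user-b", "dhcp",   {"pool": "vpna", "domain": "vpna"}),
    ("user-c", "static", {"pool": "vpna", "domain": "vpna",
                          "bas_interface": "vpna", "static_user": "vpnb"}),
]

if __name__ == "__main__":
    for name, kind, bindings in SAMPLE:
        problems = check(kind, bindings)
        print(name, kind, "OK" if not problems else "; ".join(problems))
```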