Web-based Typical Configuration Examples

AR100, AR120, AR150, AR160, AR200, AR1200, AR2200, AR3200, and AR3600

This document provides examples for configuring AR router features in typical usage scenarios.

Example for Configuring a PC to Dial Up to a Router Through L2TP

Applicable Products

This example applies to all AR models of V200R002C00 and later versions.

Networking Requirements

As shown in Figure 4-11, the geographical positions of employees on a business trip often change. However, they need to communicate with the headquarters and access the internal resources in the headquarters at any time. L2TP can be deployed to allow the traveling employees to dial up to access the headquarters network. In this way, the headquarters gateway can identify and manage the access users. A PC running the Windows 7 operating system is used in this example.

Figure 4-11  Configuring a PC to dial up to a router through L2TP

Procedure

  1. Configure the LNS.

    1. Configure an IP address for the interface.

      1. Choose WAN Access > Ethernet Interface to access the Ethernet Interface page, as shown in Figure 4-12.

        Figure 4-12  Ethernet Interface page

      2. In Ethernet Interface List, click next to an Ethernet interface to be configured. The Modify Ethernet Interface page shown in Figure 4-13 is displayed.

        Figure 4-13  Modify Ethernet Interface page

    2. Configure a static route.

      1. Choose IP Service > Route > Static Route Configuration to access the Static Route Configuration page, as shown in Figure 4-14.

        Figure 4-14  Static Route Configuration page

      2. In IPv4 Static Route Configuration Table, click Create. The Create IPv4 Static Route Service page shown in Figure 4-15 is displayed.

        Figure 4-15  Create IPv4 Static Route Service page

    3. Configure the user name and password.

      1. Choose User Management > User Management. The User Management page shown in Figure 4-16 is displayed.

        Figure 4-16  User Management page

      2. Click Create. The Create User page shown in Figure 4-17 is displayed.

        Figure 4-17  Create User page

    4. Configure the L2TP function.

      1. Choose VPN > L2TP VPN > L2TP Server to access the L2TP Server page, as shown in Figure 4-18.

        Figure 4-18  L2TP Server page

      2. In Global Settings, select Enabled and click Apply.

      3. Click Create under Server List. The Create L2TP Server page shown in Figure 4-19 is displayed.

        Figure 4-19  Create L2TP Server page

  2. Configure the Windows 7 operating system.

    1. Modify the Windows registry and disable the digital certificate authentication function.

      Choose Start > Run, enter regedit, and locate the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RasMan\Parameters key. Right-click Parameters, choose Create, and click DWORD (32 bit) Value. Set Value name to ProhibitIpSec and Value data to 1. Restart the PC after the modification is complete.



    2. Create an L2TP network connection.

      1. Open Network and Sharing Center, click Set Up a Connection or Network, select Connect to a workplace, and click Next.



      2. Click Use my Internet connection (VPN).



      3. Set Internet address to 1.1.1.1 (the IP address of the LNS) and Destination name to a name such as L2TP. The destination name is used as the network connection name. Select Don't connect now; just set it up so I can connect later and then click Next.



      4. Set User name and Password to huawei and Huawei@1234 respectively, and click Create.

        NOTE:

        You do not need to set a value for Domain.



      5. Click Close.



    3. Configure authentication parameters for the L2TP connection.

      1. Open Network and Sharing Center and click Connect to a network. The L2TP connection that you created is displayed. Right-click L2TP and choose L2TP Properties to configure parameters for the connection.

        The parameters on the General tab page do not need to be modified.



      2. Click the Options tab page and select the following items.

        NOTE:

        You can also click PPP Settings on the page and leave the other options unchanged.



      3. Click the Security tab page, retain the default setting for Type of VPN or set it to Layer 2 Tunneling Protocol with IPsec (L2TP/IPSec).

        Select the following items under Allow these protocols.

        NOTE:

        If you click Advanced settings on the tab page, the IPSec Settings page is displayed for you to set a pre-shared key for authentication. Do not set a pre-shared key here.



        The Networking and Sharing tab pages do not need to be modified.

      4. Open Network and Sharing Center and click Connect to a network. The L2TP connection that you created is displayed. Double-click L2TP, enter the user name and password, and click Connect.



  3. Verify the configuration.

    # After the configurations are complete, PC1 obtains a private network address 10.1.1.254 for the L2TP connection, and PC1 can communicate with the PC in the headquarters and access the external network resources.
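
The registry change in step 2.1 can also be applied and checked from an elevated PowerShell prompt. The script below is an added example, not part of the original Huawei document; the function names are hypothetical, while the key path and value name are the ones given in that step.

```powershell
# Added example (not from the original document). Run as administrator.
# Function names are hypothetical; key path and value name come from step 2.1.
$RasManKey = 'HKLM:\SYSTEM\CurrentControlSet\services\RasMan\Parameters'
$ValueName = 'ProhibitIpSec'

function Get-L2tpIpsecState {
    # Read the value (absent by default) and explain its effect on L2TP.
    $prop = Get-ItemProperty -Path $RasManKey -Name $ValueName -ErrorAction SilentlyContinue
    if ($prop -eq $null) { $value = $null } else { $value = $prop.$ValueName }
    if ($value -eq 1) {
        # Windows no longer creates its automatic, certificate-based IPsec
        # policy for L2TP, so the tunnel carries no IPsec protection unless
        # a separate IPsec policy applies.
        $meaning = 'Automatic IPsec policy for L2TP is disabled'
    } else {
        $meaning = 'Default: Windows negotiates IPsec for L2TP connections'
    }
    New-Object PSObject -Property @{ Value = $value; Meaning = $meaning }
}

function Set-L2tpProhibitIpSec {
    # Write the DWORD only when it differs, so reruns do not force a restart.
    param([ValidateSet(0, 1)][int]$Value = 1)
    if ((Get-L2tpIpsecState).Value -eq $Value) { return $false }
    New-ItemProperty -Path $RasManKey -Name $ValueName `
        -PropertyType DWord -Value $Value -Force | Out-Null
    return $true
}

# Apply the setting from step 2.1 and show the resulting state.
if (Set-L2tpProhibitIpSec -Value 1) {
    Write-Output 'ProhibitIpSec set to 1. Restart the PC before dialing.'
} else {
    Write-Output 'ProhibitIpSec was already 1. No change made.'
}
Get-L2tpIpsecState | Format-List
```

Calling `Set-L2tpProhibitIpSec -Value 0` and restarting returns the PC to the default behavior once the L2TP connection no longer needs this setting.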

Configuration Notes

  • When you configure an L2TP group, tunnel authentication is not supported because employees access the network using PCs.

  • If employees need to access external networks, add their network segments to ACLs and use NAT to translate their addresses.

  • To enable employees to access external network resources using the domain names, you need to configure the DNS server IP address that the LNS specifies for the peer device in the VT interface template.

Updated: 2019-05-20

Document ID: EDOC1000079722
