CLI-based Configuration Guide - VPN

AR100, AR120, AR150, AR160, AR200, AR1200, AR2200, AR3200, and AR3600 V200R010

This document describes VPN features on the device and provides configuration procedures and configuration examples.
Example for Configuring the LAC to Initiate Call-Triggered L2TP Connections (Dial-Up Users)

Networking Requirements

As shown in Figure 1-20, an enterprise has a branch in another city, and the branch connects through a traditional dial-up network.

Branch users need to establish VPDN connections with users at the headquarters. Therefore, the branch users apply for the L2TP service from the ISP. The ISP configures the NAS as the LAC, which sends call connection requests to the LNS through the Internet.

The gateway in the headquarters is configured as the LNS to establish L2TP connections between the branch and the headquarters.

Figure 1-20  Networking diagram for configuring the LAC to initiate call-triggered L2TP connections (dial-up users)

Configuration Roadmap

The configuration roadmap is as follows:

  1. Configure local AAA authentication for the LNS to authenticate dial-up users.

  2. Create an IP address pool and allocate IP addresses to users, so that the LNS can manage the users.

  3. Configure negotiation parameters using the virtual interface template, so that the LNS can implement PPP negotiation with the users.

  4. Configure an L2TP group and create a tunnel between the LAC and LNS, so that the LNS can accept L2TP connection requests.

Procedure

  1. Configure AAA authentication, and set the user name and password to huawei and Huawei@1234.

    <Huawei> system-view
    [Huawei] sysname LNS
    [LNS] aaa
    [LNS-aaa] local-user huawei password
    Please configure the login password (8-128)
    It is recommended that the password consist of at least 2 types of characters, including lowercase letters, uppercase letters, numerals and special characters.
    Please enter password: 
    Please confirm password:
    Info: Add a new user.
    Warning: The new user supports all access modes. The management user access modes such as Telnet, SSH, FTP, HTTP, and Terminal have security risks. You are advised to configure the required access modes only.
    [LNS-aaa] local-user huawei service-type ppp
    [LNS-aaa] quit

  2. Configure a private IP address pool.

    [LNS] ip pool 1
    [LNS-ip-pool-1] network 192.168.1.0 mask 24
    [LNS-ip-pool-1] gateway-list 192.168.1.1
    [LNS-ip-pool-1] quit

  3. Set PPP negotiation parameters.

    [LNS] interface virtual-template 1
    [LNS-Virtual-Template1] ip address 192.168.1.1 255.255.255.0
    [LNS-Virtual-Template1] ppp authentication-mode chap
    [LNS-Virtual-Template1] remote address pool 1
    [LNS-Virtual-Template1] quit

  4. Configure the LNS to accept L2TP connection requests.

    # Enable L2TP and configure an L2TP group.

    [LNS] l2tp enable
    [LNS] l2tp-group 1

    # Configure an LNS tunnel name and LAC tunnel name.

    [LNS-l2tp1] tunnel name LNS
    [LNS-l2tp1] allow l2tp virtual-template 1 remote LAC

    # Enable the tunnel authentication function, and configure an authentication password.

    [LNS-l2tp1] tunnel authentication
    [LNS-l2tp1] tunnel password cipher huawei
    [LNS-l2tp1] quit

    # Configure an IP address and a route to the Internet. For example, set the next hop address to the Internet to 202.1.1.2.

    [LNS] interface gigabitethernet 1/0/0
    [LNS-GigabitEthernet1/0/0] ip address 202.1.1.1 255.255.255.0
    [LNS-GigabitEthernet1/0/0] quit
    [LNS] ip route-static 0.0.0.0 0 202.1.1.2

  5. Verify the configuration.

    # After PC 1 goes online, run the display l2tp tunnel command on the LNS. The tunnel and session are established.

    [LNS] display l2tp tunnel
    
     Total tunnel : 1
     LocalTID RemoteTID RemoteAddress    Port   Sessions RemoteName
     1        1         202.1.2.1        1701   1       LAC

    # Check that PC 1 can communicate with hosts in the enterprise headquarters.

Configuration File

Configuration file of the LNS

#                                                                         
 sysname LNS               
#                                                                               
 l2tp enable                                                                    
#                                                                               
ip pool 1                                                                       
 network 192.168.1.0 mask 255.255.255.0                                         
 gateway-list 192.168.1.1                                                       
#                                                                               
aaa                                                                             
 local-user huawei password cipher %^%#_<`.CO&(:LeS/$#F\H0Qv8B]KAZja3}3q'RNx;VI%^%#
 local-user huawei privilege level 0  
 local-user huawei service-type ppp                                           
#                                                                               
interface Virtual-Template1                                                     
 ppp authentication-mode chap                                                   
 remote address pool 1                                                          
 ip address 192.168.1.1 255.255.255.0                                           
#                                                                               
interface GigabitEthernet1/0/0                                                          
 ip address 202.1.1.1 255.255.255.0                                          
#                                                                               
l2tp-group 1                                                                    
 allow l2tp virtual-template 1 remote LAC                                     
 tunnel password cipher %@%@/-#)Lg[S4F:#2~ZNvqa$]\DL%@%@    
 tunnel name LNS                                                                
#
ip route-static 0.0.0.0 0.0.0.0 202.1.1.2
#                                                                               
return                                                                          
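
An added example (not part of the Huawei guide): a Python check that parses a saved LNS configuration like the one above and flags weakened settings, namely a disabled or missing tunnel password, PAP or no PPP authentication on the virtual template, and local users not restricted to service-type ppp. The sample text is constructed with `<CIPHERTEXT>` placeholders, and the check assumes a disabled tunnel check is saved as `undo tunnel authentication`.

```python
import re
# Constructed sample modelled on the LNS configuration file above;
# <CIPHERTEXT> is a placeholder for the device-generated ciphertext.
SAMPLE = """\
#
aaa
 local-user huawei password cipher <CIPHERTEXT>
 local-user huawei service-type ppp
#
interface Virtual-Template1
 ppp authentication-mode chap
#
l2tp-group 1
 allow l2tp virtual-template 1 remote LAC
 tunnel password cipher <CIPHERTEXT>
#
"""

def sections(cfg):  # split on '#' lines into {header line: [sub-lines]}
    out = {}
    for block in re.split(r"(?m)^#[ \t]*$", cfg):
        lines = [l.strip() for l in block.splitlines() if l.strip()]
        if lines:
            out.setdefault(lines[0], []).extend(lines[1:])
    return out

def audit(cfg):  # return a list of findings for tunnel, PPP and AAA settings
    findings, secs = [], sections(cfg)
    for head, body in secs.items():
        if head.startswith("l2tp-group"):
            # Assumption: a disabled check is saved as 'undo tunnel authentication'.
            if "undo tunnel authentication" in body:
                findings.append(f"{head}: tunnel authentication disabled")
            elif not any(l.startswith("tunnel password") for l in body):
                findings.append(f"{head}: no tunnel password configured")
        elif head.lower().startswith("interface virtual-template"):
            modes = " ".join(l for l in body if l.startswith("ppp authentication-mode")).split()
            if not modes:
                findings.append(f"{head}: no PPP authentication mode")
            elif "pap" in modes:
                findings.append(f"{head}: PAP sends the password in cleartext")
    services = {}  # user -> service types; none means all access modes (see Warning above)
    for l in secs.get("aaa", []):
        m = re.match(r"local-user (\S+) (service-type )?(.*)", l)
        if m:
            services.setdefault(m[1], set()).update(m[3].split() if m[2] else ())
    findings += [f"local-user {u}: access modes {sorted(s) or 'ALL'}, expected ppp only"
                 for u, s in services.items() if s != {"ppp"}]
    return findings
```

`audit(SAMPLE)` returns an empty list; run it against the text of a saved configuration to confirm the settings from steps 1, 3 and 4 are still in place.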
Updated: 2019-08-07

Document ID: EDOC1100033725
