
CLI-based Configuration Guide - VPN

AR100, AR120, AR150, AR160, AR200, AR1200, AR2200, AR3200, and AR3600 V200R010

This document describes VPN features on the device and provides configuration procedures and configuration examples.
Example for Configuring an L2TP Client-Initiated L2TP Connection


Networking Requirements

As shown in Figure 1-22, an enterprise has branches located in other cities, and the branches use Ethernet networks.

The headquarters network provides VPDN services for the branch staff to allow them to access the network of the headquarters. The LNS only authenticates the L2TP Client. The L2TP Client dials up to establish an L2TP connection to the LNS.

Figure 1-22  Networking diagram for establishing an L2TP Client-Initiated L2TP connection

Configuration Roadmap

The configuration roadmap is as follows:

  1. Enable L2TP on the L2TP Client. The virtual PPP user sends a connection request to the server in the headquarters over an L2TP tunnel. After the PPP user is authenticated, a tunnel is set up.

  2. On the L2TP Client, configure a reachable route to the LNS and enable the dial-up function.

  3. On the LNS, configure L2TP, a virtual PPP user, and a route to the public network segment.

Procedure

  1. Configure the L2TP Client.

    # Configure an IP address for the public-network-side interface.

    <Huawei> system-view
    [Huawei] sysname L2TP Client
    [L2TP Client] interface gigabitethernet 1/0/0
    [L2TP Client-GigabitEthernet1/0/0] ip address 202.1.2.1 255.255.255.0
    [L2TP Client-GigabitEthernet1/0/0] quit

    # Configure an IP address for the user-side interface.

    [L2TP Client] interface gigabitethernet 2/0/0
    [L2TP Client-GigabitEthernet2/0/0] ip address 192.168.10.1 255.255.255.0
    [L2TP Client-GigabitEthernet2/0/0] quit

    # Enable L2TP globally, create an L2TP group, and configure the user huawei to establish an L2TP connection to the LNS.

    [L2TP Client] l2tp enable
    [L2TP Client] l2tp-group 1
    [L2TP Client-l2tp1] tunnel name L2TP_Client
    [L2TP Client-l2tp1] start l2tp ip 202.1.1.1 fullusername huawei

    # Enable tunnel authentication and set the tunnel password.

    [L2TP Client-l2tp1] tunnel authentication
    [L2TP Client-l2tp1] tunnel password cipher huawei
    [L2TP Client-l2tp1] quit

    # Configure the user name and password, authentication mode, and IP address for the virtual PPP user.

    [L2TP Client] interface virtual-template 1
    [L2TP Client-Virtual-Template1] ppp chap user huawei
    [L2TP Client-Virtual-Template1] ppp chap password cipher Huawei@1234
    [L2TP Client-Virtual-Template1] ip address ppp-negotiate
    [L2TP Client-Virtual-Template1] quit

    # On the L2TP Client, configure a static route to the public network. For example, set the next hop address to 202.1.2.2.

    [L2TP Client] ip route-static 202.1.1.1 255.255.255.255 202.1.2.2

    # Enable the L2TP Client to dial up and establish an L2TP tunnel.

    [L2TP Client] interface virtual-template 1
    [L2TP Client-Virtual-Template1] l2tp-auto-client enable
    [L2TP Client-Virtual-Template1] quit

    # Configure private routes so that branches can communicate with the headquarters through the private network.

    [L2TP Client] ip route-static 192.168.2.0 255.255.255.0 virtual-template 1

  2. Configure the LNS.

    # Configure an IP address for the public-network-side interface.

    <Huawei> system-view
    [Huawei] sysname LNS
    [LNS] interface gigabitEthernet 1/0/0
    [LNS-GigabitEthernet1/0/0] ip address 202.1.1.1 255.255.255.0
    [LNS-GigabitEthernet1/0/0] quit

    # Configure an IP address for the user-side interface.

    [LNS] interface GigabitEthernet 2/0/0
    [LNS-GigabitEthernet2/0/0] ip address 192.168.2.1 255.255.255.0
    [LNS-GigabitEthernet2/0/0] quit

    # Configure AAA authentication, and set the user name and password to huawei and Huawei@1234 on the LNS.

    [LNS] aaa
    [LNS-aaa] local-user huawei password
    Please configure the login password (8-128)
    It is recommended that the password consist of at least 2 types of characters, i
    ncluding lowercase letters, uppercase letters, numerals and special characters. 
    Please enter password: 
    Please confirm password:
    Info: Add a new user.
    Warning: The new user supports all access modes. The management user access mode
    s such as Telnet, SSH, FTP, HTTP, and Terminal have security risks. You are advi
    sed to configure the required access modes only.
    [LNS-aaa] local-user huawei service-type ppp
    [LNS-aaa] quit

    # Configure an IP address pool for the LNS and allocate an IP address to the dial-up interface of the L2TP Client.

    [LNS] ip pool 1
    [LNS-ip-pool-1] network 192.168.1.0 mask 24
    [LNS-ip-pool-1] gateway-list 192.168.1.1
    [LNS-ip-pool-1] quit

    # Create a virtual interface template and configure PPP negotiation parameters.

    [LNS] interface virtual-template 1
    [LNS-Virtual-Template1] ppp authentication-mode chap
    [LNS-Virtual-Template1] remote address pool 1
    [LNS-Virtual-Template1] ip address 192.168.1.1 255.255.255.0
    [LNS-Virtual-Template1] quit

    # Enable L2TP and configure an L2TP group.

    [LNS] l2tp enable
    [LNS] l2tp-group 1

    # Configure an LNS tunnel name and L2TP Client tunnel name.

    [LNS-l2tp1] tunnel name lns
    [LNS-l2tp1] allow l2tp virtual-template 1 remote L2TP_Client

    # Enable the tunnel authentication function, and configure an authentication password.

    [LNS-l2tp1] tunnel authentication
    [LNS-l2tp1] tunnel password cipher huawei
    [LNS-l2tp1] quit

    # On the LNS, configure a static route to the public network. For example, set the next hop address to 202.1.1.2.

    [LNS] ip route-static 202.1.2.1 255.255.255.255 202.1.1.2

    # Configure private routes so that the headquarters can communicate with branches through the private network.

    [LNS] ip route-static 192.168.10.0 255.255.255.0 virtual-template 1

  3. Verify the configuration.

    # Run the display l2tp tunnel command on the L2TP Client or LNS to view L2TP tunnel and session information. The command output for the LNS is shown as an example.

    [LNS] display l2tp tunnel
    
     Total tunnel : 1
     LocalTID RemoteTID RemoteAddress    Port   Sessions RemoteName
     1        1         202.1.2.1        1701   1       L2TP_Client

    # Check that PC 1 can communicate with PC 2 in the enterprise headquarters.

Configuration Files

  • Configuration file of the L2TP Client

    #
     sysname L2TP Client
    #
     l2tp enable
    #
    interface Virtual-Template1
     ppp chap user huawei
     ppp chap password cipher %^%#'&=6Q(|7-#|.]EB`mK$(h7[CY`2m}-YT)Q=Oh2~2%^%#
     ip address ppp-negotiate
     l2tp-auto-client enable
    #
    interface GigabitEthernet1/0/0
     ip address 202.1.2.1 255.255.255.0
    #
    interface GigabitEthernet2/0/0
     ip address 192.168.10.1 255.255.255.0
    #
    l2tp-group 1
     tunnel password cipher %@%@/-#)Lg[S4F:#2~ZNvqa$]\DL%@%@
     tunnel name L2TP_Client
     start l2tp ip 202.1.1.1 fullusername huawei
    #
    ip route-static 192.168.2.0 255.255.255.0 Virtual-Template1
    ip route-static 202.1.1.1 255.255.255.255 202.1.2.2
    #
    return

  • Configuration file of the LNS

    #
     sysname LNS
    #
     l2tp enable
    #
    ip pool 1
     network 192.168.1.0 mask 255.255.255.0
     gateway-list 192.168.1.1
    #
    aaa
     local-user huawei password cipher %^%#_<`.CO&(:LeS/$#F\H0Qv8B]KAZja3}3q'RNx;VI%^%#
     local-user huawei privilege level 0  
     local-user huawei service-type ppp
    #
    interface Virtual-Template1
     ppp authentication-mode chap
     remote address pool 1
     ip address 192.168.1.1 255.255.255.0
    #
    interface GigabitEthernet1/0/0
     ip address 202.1.1.1 255.255.255.0
    #
    interface GigabitEthernet2/0/0
     ip address 192.168.2.1 255.255.255.0
    #
    l2tp-group 1
     allow l2tp virtual-template 1 remote L2TP_Client
     tunnel password cipher %@%@EB~j7Je>;@>uNr''D=J<]\WL%@%@
     tunnel name lns
    #
    ip route-static 192.168.10.0 255.255.255.0 Virtual-Template1
    ip route-static 202.1.2.1 255.255.255.255 202.1.1.2
    #
    return
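The two configuration files only produce a tunnel when the dialed address, the tunnel name and the PPP user agree on both sides, and the LNS user should stay limited to the ppp service type. The Python script below is an added example, not part of the Huawei documentation, that checks a client/LNS pair offline; `grab`, `audit` and the trimmed sample configurations are constructed for illustration, and it assumes the saved-configuration layout shown above.

```python
import re

# Constructed samples: the page's configuration files, trimmed, ciphertext replaced.
CLIENT = """interface Virtual-Template1
 ppp chap user huawei
interface GigabitEthernet1/0/0
 ip address 202.1.2.1 255.255.255.0
l2tp-group 1
 tunnel password cipher <ciphertext>
 tunnel name L2TP_Client
 start l2tp ip 202.1.1.1 fullusername huawei
"""
LNS = """aaa
 local-user huawei service-type ppp
interface Virtual-Template1
 ppp authentication-mode chap
interface GigabitEthernet1/0/0
 ip address 202.1.1.1 255.255.255.0
l2tp-group 1
 allow l2tp virtual-template 1 remote L2TP_Client
 tunnel password cipher <ciphertext>
 tunnel name lns
"""

def grab(cfg, pattern):
    """Return the first capture group of every config line matching pattern."""
    return re.findall(pattern, cfg, flags=re.M)

def audit(client, lns):
    """Return a list of findings; an empty list means the pair is consistent."""
    out = []
    peer = grab(client, r"^ *start l2tp ip (\S+)")
    if not peer or peer[0] not in grab(lns, r"^ *ip address (\d\S+)"):
        out.append("client dials an address that is not an LNS interface")
    if grab(client, r"^ *tunnel name (\S+)") != grab(lns, r"^ *allow l2tp .* remote (\S+)"):
        out.append("client tunnel name is not the remote name the LNS allows")
    for side, cfg in (("client", client), ("LNS", lns)):
        if not grab(cfg, r"^ *tunnel password cipher (\S+)"):
            out.append(f"{side} l2tp-group has no tunnel password")
    if grab(lns, r"^ *ppp authentication-mode (\S+)") != ["chap"]:
        out.append("LNS virtual template does not require CHAP")
    # Assumption from the CLI warning shown on the page: a local user with no
    # service-type line still supports all access modes (Telnet, SSH, FTP, ...).
    for user in grab(client, r"^ *ppp chap user (\S+)"):
        svc = grab(lns, rf"^ *local-user {re.escape(user)} service-type (.+)$")
        if not svc:
            out.append(f"LNS user {user} has no service-type: all access modes allowed")
        elif svc[0].split() != ["ppp"]:
            out.append(f"LNS user {user} allows more than ppp: {svc[0]}")
    return out
```

Calling `audit(CLIENT, LNS)` on the sample pair returns an empty list; each returned string names one mismatch or one setting that is weaker than the example configuration.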
Updated: 2019-08-07

Document ID: EDOC1100033725
