CLI-based Configuration Guide - VPN

AR100, AR120, AR150, AR160, AR200, AR1200, AR2200, AR3200, and AR3600 V200R010

This document describes VPN features on the device and provides configuration procedures and configuration examples.

Example for Configuring L2TP Client-Initiated L2TP Connections Using the 3G Interface

Networking Requirements

As shown in Figure 1-24, an enterprise has some branches located in other cities, and its branches use the Ethernet network and have gateways deployed, so that branch hosts can access the Internet.

The headquarters provides VPDN services for the branch staff to allow any staff to access the network of the headquarters. The LNS only authenticates the L2TP Client. The L2TP Client dials up to establish L2TP connections between the L2TP Client and LNS.

Figure 1-24  Networking diagram for L2TP Client-Initiated L2TP connections using the 3G interface

Configuration Roadmap

The configuration roadmap is as follows:

  1. Configure a dial string for dialup on a 3G interface and a route to the public network address.

  2. Enable L2TP on the L2TP Client. The virtual PPP user sends a connection request to the server in the headquarters over an L2TP tunnel. After the PPP user is authenticated, a tunnel is set up.

  3. Configure a route to the public network address with the 3G interface as the outbound interface, and enable the dial function on the L2TP Client.

  4. On the LNS, configure L2TP, a virtual PPP user, and a route to the public network segment.

Procedure

  1. Configure RouterA (the L2TP Client side).

    In this example, the IP address of Cellular0/0/0 on RouterA is allocated by the ISP, and the IP address of GE2/0/0 on RouterB is 12.1.1.1.

    # Configure dialup on Cellular0/0/0.

    <Huawei> system-view
    [Huawei] sysname RouterA
    [RouterA] dialer-rule
    [RouterA-dialer-rule] dialer-rule 1 ip permit
    [RouterA-dialer-rule] quit
    [RouterA] interface cellular 0/0/0
    [RouterA-Cellular0/0/0] link-protocol ppp 
    [RouterA-Cellular0/0/0] ip address ppp-negotiate
    [RouterA-Cellular0/0/0] dialer enable-circular
    [RouterA-Cellular0/0/0] dialer-group 1
    [RouterA-Cellular0/0/0] dialer timer autodial 60
    [RouterA-Cellular0/0/0] dialer number *99# autodial
    [RouterA-Cellular0/0/0] mode wcdma wcdma-precedence
    [RouterA-Cellular0/0/0] quit
    [RouterA] apn profile 3gprofile
    [RouterA-apn-profile-3gprofile] apn 3GNET
    [RouterA-apn-profile-3gprofile] quit
    [RouterA] interface cellular 0/0/0
    [RouterA-Cellular0/0/0] apn-profile 3gprofile
    [RouterA-Cellular0/0/0] shutdown
    [RouterA-Cellular0/0/0] undo shutdown
    [RouterA-Cellular0/0/0] quit
    

    # Configure an IP address for the public-network-side interface.

    [RouterA] interface gigabitethernet 1/0/0
    [RouterA-GigabitEthernet1/0/0] ip address 192.168.1.1 255.255.255.0
    [RouterA-GigabitEthernet1/0/0] quit

    # Configure an L2TP group and its attributes.

    [RouterA] l2tp enable
    [RouterA] l2tp-group 1
    [RouterA-l2tp1] tunnel name L2TP_Client
    [RouterA-l2tp1] start l2tp ip 12.1.1.1 fullusername huawei

    # Enable tunnel authentication and set the tunnel password.

    [RouterA-l2tp1] tunnel authentication
    [RouterA-l2tp1] tunnel password cipher 123
    [RouterA-l2tp1] quit

    # Configure the user name and password, authentication mode, and IP address for the virtual PPP user.

    [RouterA] interface virtual-template 1
    [RouterA-Virtual-Template1] ppp chap user huawei
    [RouterA-Virtual-Template1] ppp chap password cipher Huawei@1234
    [RouterA-Virtual-Template1] ip address 13.1.1.2 255.255.255.0
    [RouterA-Virtual-Template1] quit

    # Configure a public route so that the packets sent to the headquarters are forwarded through the 3G interface.

    [RouterA] ip route-static 0.0.0.0 0 Cellular0/0/0

    # Enable the L2TP Client to establish an L2TP tunnel.

    [RouterA] interface virtual-template 1
    [RouterA-Virtual-Template1] l2tp-auto-client enable
    [RouterA-Virtual-Template1] quit

    # Configure private routes so that branches can communicate with the headquarters through the private network.

    [RouterA] ip route-static 192.168.0.0 255.255.255.0 virtual-template 1

  2. Configure RouterB (the LNS side).

    # Assign an IP address to GigabitEthernet2/0/0 on RouterB.

    <Huawei> system-view
    [Huawei] sysname RouterB
    [RouterB] interface gigabitEthernet 2/0/0
    [RouterB-GigabitEthernet2/0/0] ip address 12.1.1.1 255.255.255.0
    [RouterB-GigabitEthernet2/0/0] quit

    # Configure a private IP address.

    [RouterB] interface GigabitEthernet 1/0/0
    [RouterB-GigabitEthernet1/0/0] ip address 192.168.0.1 255.255.255.0
    [RouterB-GigabitEthernet1/0/0] quit

    # Create and configure a virtual template.

    [RouterB] interface virtual-template 1
    [RouterB-Virtual-Template1] ppp authentication-mode chap
    [RouterB-Virtual-Template1] ip address 13.1.1.1 255.255.255.0
    [RouterB-Virtual-Template1] quit

    # Enable L2TP and configure an L2TP group.

    [RouterB] l2tp enable
    [RouterB] l2tp-group 1

    # Set the local and remote tunnel names for the LNS.

    [RouterB-l2tp1] tunnel name LNS
    [RouterB-l2tp1] allow l2tp virtual-template 1 remote L2TP_Client

    # Enable tunnel authentication and set the tunnel password.

    [RouterB-l2tp1] tunnel authentication
    [RouterB-l2tp1] tunnel password cipher 123
    [RouterB-l2tp1] quit

    # Set the user name and password to huawei and Huawei@1234, which must be the same as those on the L2TP Client side.

    [RouterB] aaa
    [RouterB-aaa] local-user huawei password
    Please configure the login password (8-128)
    It is recommended that the password consist of at least 2 types of characters, i
    ncluding lowercase letters, uppercase letters, numerals and special characters. 
    Please enter password: 
    Please confirm password:
    Info: Add a new user.
    Warning: The new user supports all access modes. The management user access mode
    s such as Telnet, SSH, FTP, HTTP, and Terminal have security risks. You are advi
    sed to configure the required access modes only.
    [RouterB-aaa] local-user huawei service-type ppp
    [RouterB-aaa] quit

    # Configure an IP address and a route to the Internet. For example, set the next hop address to the Internet to 12.1.1.2.

    [RouterB] ip route-static 0.0.0.0 0 12.1.1.2

    # Configure private routes so that the headquarters can communicate with branches through the private network.

    [RouterB] ip route-static 192.168.1.0 255.255.255.0 virtual-template 1

  3. Verify the configuration.

    # Run the display l2tp tunnel command on the L2TP Client and LNS. You can see that a tunnel has been established. The command output on the L2TP Client is used as an example.

    [RouterA] display l2tp tunnel
    
     Total tunnel : 1
     LocalTID RemoteTID RemoteAddress    Port   Sessions RemoteName
     1        1         12.1.1.1         1701   1        LNS
    

    # Run the display l2tp session command to check the session status. The command output on the LNS is used as an example.

    [RouterB] display l2tp session
    
     Total session : 1
     LocalSID  RemoteSID  LocalTID
      1         1          1
    

    # Check that PCs in the branch can access servers in the headquarters.

Configuration Files

  • Configuration file of RouterA

    #                                                                         
     sysname RouterA               
    #                                                                               
     l2tp enable                                                                    
    #                                                                               
    interface Virtual-Template1                                                     
     ppp chap user huawei
     ppp chap password cipher %^%#'&=6Q(|7-#|.]EB`mK$(h7[CY`2m}-YT)Q=Oh2~2%^%#
        
     ip address 13.1.1.2 255.255.255.0                                              
     l2tp-auto-client enable                                                        
    #                                                                               
    interface Cellular0/0/0                                                         
     link-protocol ppp                                                              
     ip address ppp-negotiate                                                       
     dialer enable-circular                                                         
     dialer-group 1
     apn-profile 3gprofile
     dialer timer autodial 60
     dialer number *99# autodial
    #
    interface GigabitEthernet1/0/0
     ip address 192.168.1.1 255.255.255.0
    #
    l2tp-group 1
     tunnel password cipher %@%@d'o6Xpp(i/i:WRC)`'0#3nJ*%@%@
     tunnel name L2TP_Client
     start l2tp ip 12.1.1.1 fullusername huawei
    #
    dialer-rule
     dialer-rule 1 ip permit
    #
    apn profile 3gprofile
     apn 3GNET
    #
    ip route-static 0.0.0.0 0.0.0.0 Cellular0/0/0
    ip route-static 192.168.0.0 255.255.255.0 Virtual-Template1
    #                                                                               
    return            
  • Configuration file of RouterB

    #                                                                               
     sysname RouterB               
    #                                                                               
     l2tp enable                                                                    
    #                                                                               
    aaa                                                                             
     local-user huawei password cipher %^%#_<`.CO&(:LeS/$#F\H0Qv8B]KAZja3}3q'RNx;VI%^%#
     local-user huawei privilege level 0  
     local-user huawei service-type ppp                                             
    #                                                                               
    interface Virtual-Template1                                                     
     ppp authentication-mode chap                                                    
     ip address 13.1.1.1 255.255.255.0                                              
    #                                                                               
    interface GigabitEthernet1/0/0                                                  
     ip address 192.168.0.1 255.255.255.0                                           
    #                                                                               
    interface GigabitEthernet2/0/0                                                  
     ip address 12.1.1.1 255.255.255.0                                              
    #                                                                               
    l2tp-group 1                                                                    
     allow l2tp virtual-template 1 remote L2TP_Client                                       
     tunnel password cipher %@%@5j*=S&AGXK'J}kG])REK]_-o%@%@   
     tunnel name LNS                                                                
    #                                                                               
    ip route-static 0.0.0.0 0.0.0.0 12.1.1.2                     
    ip route-static 192.168.1.0 255.255.255.0 Virtual-Template1
    #                                                                               
    return 
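
The two configuration files only produce a tunnel if several values agree across RouterA and RouterB: the LNS address, the tunnel name the LNS allows, the PPP user, and the Virtual-Template subnet. The following is an added example, not part of the Huawei guide, that checks those relationships offline before deployment. The function names are hypothetical, and the embedded configurations are excerpts of the files above with the cipher lines omitted.

```python
import ipaddress
import re

# Excerpts of the two configuration files above (cipher lines omitted).
CLIENT_CFG = """
interface Virtual-Template1
 ppp chap user huawei
 ip address 13.1.1.2 255.255.255.0
l2tp-group 1
 tunnel name L2TP_Client
 start l2tp ip 12.1.1.1 fullusername huawei
"""
LNS_CFG = """
aaa
 local-user huawei service-type ppp
interface Virtual-Template1
 ppp authentication-mode chap
 ip address 13.1.1.1 255.255.255.0
interface GigabitEthernet2/0/0
 ip address 12.1.1.1 255.255.255.0
l2tp-group 1
 allow l2tp virtual-template 1 remote L2TP_Client
 tunnel name LNS
"""

def find(cfg, pattern):
    """Return every capture of a one-group pattern over the config lines."""
    return re.findall(pattern, cfg, re.MULTILINE)

def vt_network(cfg):
    """Return the IP network configured on interface Virtual-Template1."""
    m = re.search(r"^interface Virtual-Template1\n(?: .*\n)*? ip address (\S+) (\S+)", cfg, re.MULTILINE)
    return ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}").network

def check_pair(client, lns):
    """Return a list of mismatches between the L2TP Client and LNS configs."""
    problems = []
    lns_ip, ppp_user = re.search(r"start l2tp ip (\S+) fullusername (\S+)", client).groups()
    if lns_ip not in find(lns, r"^ ip address (\S+) "):
        problems.append(f"LNS has no interface with address {lns_ip}")
    if find(client, r"^ tunnel name (\S+)") != find(lns, r"^ allow l2tp virtual-template \d+ remote (\S+)"):
        problems.append("client tunnel name is not the remote name the LNS allows")
    if ppp_user not in find(client, r"^ ppp chap user (\S+)"):
        problems.append("fullusername differs from the ppp chap user")
    if ppp_user not in find(lns, r"^ local-user (\S+) service-type ppp"):
        problems.append(f"LNS has no PPP local-user {ppp_user}")
    if vt_network(client) != vt_network(lns):
        problems.append("Virtual-Template addresses are in different subnets")
    return problems
```

For the excerpts above, `check_pair(CLIENT_CFG, LNS_CFG)` returns an empty list; each mismatch it reports corresponds to a value that this example sets identically on both routers.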
Updated: 2019-08-07

Document ID: EDOC1100033725
