Configuration example for LAC-auto-initiated VPN, Network requirements, Configuration procedure – H3C Technologies H3C SecPath F1000-E User Manual

Configuration Example for LAC-Auto-Initiated VPN

Network requirements

Create a virtual PPP user on the LAC and configure the LAC to initiate a tunneling request to the LNS to establish an L2TP tunnel for the virtual PPP user. When a VPN user accesses the corporate network, all packets between the VPN user and the corporate network are transmitted through the L2TP tunnel. A VPN user accesses the corporate network as follows:

1. The VPN user sends a packet to the LAC through the LAN.

2. The LAC encapsulates the packet and then forwards the packet through the L2TP tunnel to the LNS.

Figure 11 Network diagram for the LAC-auto-initiated VPN

[Network diagram. Labels: VPN user, LAN 10.2.0.0/16 (10.2.0.1), LAC, Internet, L2TP tunnel, LNS, Corporate 10.1.0.0/16 (10.1.0.1), GE1/1 3.3.3.2/24, GE1/1 3.3.3.1/24.]

Configuration procedure

Step 1  Configure the LNS

# Configure IP addresses for interfaces. (Omitted)

# Create a local user, configure a username and password for the user, and specify the service type as PPP.

<LNS> system-view

[LNS] local-user vpdnuser

[LNS-luser-vpdnuser] password simple Hello

[LNS-luser-vpdnuser] service-type ppp

[LNS-luser-vpdnuser] quit

# Configure a virtual template interface.

[LNS] interface virtual-template 1

[LNS-virtual-template1] ip address 192.168.0.20 255.255.255.0

[LNS-virtual-template1] remote address pool 1

[LNS-virtual-template1] ppp authentication-mode pap

# Configure the virtual template interface to not check the next hop of a packet to be sent.

[LNS-Virtual-Template1] ppp ignore match-next-hop

[LNS-virtual-template1] quit

# Configure local authentication for VPN users.

[LNS] domain system

[LNS-isp-system] authentication ppp local

[LNS-isp-system] ip pool 1 192.168.0.2 192.168.0.100

[LNS-isp-system] quit
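
An added example, not part of the H3C manual: a small Python check that walks the LNS user, virtual-template and domain commands from the steps above and flags the two settings a reviewer would question before reusing them, the plaintext `password simple` and PAP as the PPP authentication mode. The rule names, messages and function names are this example's own.

```python
import re

# Constructed sample: the LNS commands from the steps above, one per line.
SESSION = """\
[LNS] local-user vpdnuser
[LNS-luser-vpdnuser] password simple Hello
[LNS-luser-vpdnuser] service-type ppp
[LNS-luser-vpdnuser] quit
[LNS] interface virtual-template 1
[LNS-virtual-template1] ip address 192.168.0.20 255.255.255.0
[LNS-virtual-template1] remote address pool 1
[LNS-virtual-template1] ppp authentication-mode pap
[LNS-Virtual-Template1] ppp ignore match-next-hop
[LNS-virtual-template1] quit
[LNS] domain system
[LNS-isp-system] authentication ppp local
[LNS-isp-system] ip pool 1 192.168.0.2 192.168.0.100
[LNS-isp-system] quit
"""

# (rule name, pattern on the command, reason). Names and wording are this example's.
RULES = [
    ("cleartext-password", re.compile(r"^password\s+simple\s+\S+"),
     "password is entered and kept in plaintext in the configuration"),
    ("pap-offered", re.compile(r"^ppp\s+authentication-mode\b.*\bpap\b"),
     "PAP sends the PPP password unencrypted, and L2TP itself adds no encryption"),
]
PROMPT = re.compile(r"^[\[<]([^\]>]+)[\]>]\s*(.*)$")  # "[view] command" or "<view> command"

def audit(session):
    """Return (line number, view, rule name, reason) for each weak setting found."""
    findings = []
    for lineno, raw in enumerate(session.splitlines(), 1):
        m = PROMPT.match(raw.strip())
        if not m:
            continue  # not a prompt line (comment, blank, output)
        view, cmd = m.group(1), m.group(2)
        for rule, rx, why in RULES:
            if rx.search(cmd):
                findings.append((lineno, view, rule, why))
    return findings

def redact(session):
    """Mask plaintext passwords so the transcript can be shared in a ticket or review."""
    return re.sub(r"(password\s+simple\s+)\S+", r"\1<redacted>", session)

if __name__ == "__main__":
    for finding in audit(SESSION):
        print(finding)
```
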

# Enable L2TP and create an L2TP group.

[LNS] l2tp enable

[LNS] l2tp-group 1

# Configure the local tunnel name and specify the virtual template interface for receiving packets and the tunnel name on the LAC.