H3C Technologies H3C SecPath F1000-E User Manual
[LNS] local-user vpdnuser
[LNS-luser-vpdnuser] password simple Hello
[LNS-luser-vpdnuser] service-type ppp
[LNS-luser-vpdnuser] quit
# Configure local authentication for the VPN user.
[LNS] domain system
[LNS-isp-system] authentication ppp local
[LNS-isp-system] ip pool 1 192.168.0.2 192.168.0.100
[LNS-isp-system] quit
# Enable L2TP.
[LNS] l2tp enable
# Configure the virtual template interface.
[LNS] interface virtual-template 1
[LNS-virtual-template1] ip address 192.168.0.1 255.255.255.0
[LNS-virtual-template1] ppp authentication-mode chap domain system
[LNS-virtual-template1] remote address pool 1
[LNS-virtual-template1] quit
# Add the virtual template interface to a proper security zone. For how to add an interface to a
security zone, see Access Control Configuration Guide.
# Create an L2TP group and specify the virtual template interface for receiving calls.
[LNS] l2tp-group 1
[LNS-l2tp1] tunnel name LNS
[LNS-l2tp1] allow l2tp virtual-template 1
2. Configure the VPN user host:
○ Configure the IP address of the user host as 2.1.1.1, and configure a route to the LNS (1.1.2.2).
○ Create a virtual private network connection by using the Windows system, or install the L2TP
client software, such as WinVPN Client.
○ Complete the following configuration procedure (the procedure depends on the client
software):
# Specify the VPN username as vpdnuser and the password as Hello.
# Specify the Internet interface address of the security gateway as the IP address of the LNS. In
this example, the GigabitEthernet interface for the tunnel on the LNS has an IP address of
1.1.2.2.
# Modify the connection attributes, setting the protocol to L2TP, the encryption attribute to
customized and the authentication mode to CHAP.
3. Verify the configuration:
# On the user host, initiate the L2TP connection. After the connection is established, the user host
can obtain the IP address 192.168.0.2 and ping the private IP address of the LNS (192.168.0.1).
# On the LNS, use the display l2tp session command to check the established L2TP session.
[LNS-l2tp1] display l2tp session
Total session = 1
LocalSID RemoteSID LocalTID
647 1 1
# On the LNS, use the display l2tp tunnel command to check the established L2TP tunnel.
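The LNS commands in this procedure can be reviewed mechanically before they are deployed. The following Python sketch is an added example, not part of the H3C manual: it reads a CLI transcript in the prompt format shown above and reports passwords entered with the simple keyword, PAP in the PPP authentication mode, and L2TP groups whose allow l2tp line names no peer. The pap value, the remote keyword, the 12-character minimum and the rule names are assumptions that do not appear on this page.

```python
import re

# Constructed sample: the LNS commands from the procedure above, as typed.
SAMPLE = """\
[LNS] local-user vpdnuser
[LNS-luser-vpdnuser] password simple Hello
[LNS-luser-vpdnuser] service-type ppp
[LNS] domain system
[LNS-isp-system] authentication ppp local
[LNS] interface virtual-template 1
[LNS-virtual-template1] ppp authentication-mode chap domain system
[LNS] l2tp-group 1
[LNS-l2tp1] allow l2tp virtual-template 1
"""

# "[view] command" lines only; comments and command output do not match.
PROMPT = re.compile(r"^\[(?P<view>[^\]]+)\]\s+(?P<cmd>\S.*)$")

def audit(transcript, min_len=12):
    """Return (view, rule, detail) findings; min_len is an assumed policy value."""
    findings = []
    for line in transcript.splitlines():
        m = PROMPT.match(line)
        if not m:
            continue
        view, words = m["view"], m["cmd"].split()
        if "-luser-" in view and words[0] == "password" and len(words) >= 3:
            if words[1] == "simple":
                findings.append((view, "plaintext-password", "entered with 'simple'"))
                if len(words[2]) < min_len:  # report the length, never the value
                    findings.append((view, "short-password", f"{len(words[2])} chars"))
        elif words[:2] == ["ppp", "authentication-mode"]:
            modes = words[2:words.index("domain")] if "domain" in words else words[2:]
            if "pap" in modes:
                findings.append((view, "pap-enabled", "password sent in clear over PPP"))
        elif words[:2] == ["allow", "l2tp"] and "remote" not in words:
            findings.append((view, "any-lac", "no 'remote' name restricts the peer"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep=" | ")
```

Run against the sample, the script reports the simple password and its length for vpdnuser and the unrestricted allow l2tp line; the CHAP setting on the virtual template produces no finding.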