H3C Technologies H3C SecPath F1000-E User Manual
Page 280
268
# Enable L2TP and create an L2TP group.
[LNS] l2tp enable
[LNS] l2tp-group 1
# Configure the local tunnel name and specify the virtual template interface for receiving packets
and the tunnel name on the LAC.
[LNS-l2tp1] tunnel name LNS
[LNS-l2tp1] allow l2tp virtual-template 1 remote LAC
# Enable tunnel authentication and configure the authentication password.
[LNS-l2tp1] tunnel authentication
[LNS-l2tp1] tunnel password simple aabbcc
[LNS-l2tp1] quit
# Configure a static route so that packets destined for the VPN will be forwarded through the L2TP
tunnel.
[LNS] ip route-static 10.2.0.0 16 virtual-template 1
2.
Configure the LAC:
# Configure IP addresses for the interfaces. (Details not shown.)
# Enable L2TP and create an L2TP group.
[LAC] l2tp enable
[LAC] l2tp-group 1
# Configure the local tunnel name and specify the IP address of the tunnel peer (LNS).
[LAC-l2tp1] tunnel name LAC
[LAC-l2tp1] start l2tp ip 3.3.3.2 fullusername vpdnuser
# Enable tunnel authentication and configure the authentication password.
[LAC-l2tp1] tunnel authentication
[LAC-l2tp1] tunnel password simple aabbcc
[LAC-l2tp1] quit
# Configure the PPP authentication method PAP, authentication username vpdnuser, and
password Hello for the virtual PPP user.
[LAC] interface virtual-template 1
[LAC-Virtual-Template1] ip address ppp-negotiate
[LAC-Virtual-Template1] ppp pap local-user vpdnuser password simple Hello
[LAC-Virtual-Template1] ppp authentication-mode pap
# Configure the virtual template interface to not check the next hop of a packet to be sent.
[LAC-Virtual-Template1] ppp ignore match-next-hop
[LAC-Virtual-Template1] quit
# Configure a static route so that packets destined for the corporate will be forwarded through the
L2TP tunnel.
[LAC] ip route-static 10.1.0.0 16 virtual-template 1
# Create a local user, configure the username and password, and specify the service type as PPP.
[LAC] local-user vpdnuser
[LAC-luser-vpdnuser] password simple Hello
[LAC-luser-vpdnuser] service-type ppp
# Trigger the LAC to establish an L2TP tunnel with the LNS.
[LAC] interface virtual-template 1
- H3C SecPath F5000-A5 Firewall H3C SecPath F1000-A-EI H3C SecPath F1000-E-SI H3C SecPath F1000-S-AI H3C SecPath F5000-S Firewall H3C SecPath F5000-C Firewall H3C SecPath F100-C-SI H3C SecPath F1000-C-SI H3C SecPath F100-A-SI H3C SecBlade FW Cards H3C SecBlade FW Enhanced Cards H3C SecPath U200-A U200-M U200-S H3C SecPath U200-CA U200-CM U200-CS