beautypg.com

H3C Technologies H3C SecPath F5020 User Manual

Page 51

background image

43

[LNS-GigabitEthernet1/0/1] ip binding vpn-instance vpn1

[LNS-GigabitEthernet1/0/1] quit

# Configure IP addresses for the interfaces. (Details not shown.)
# Configure the route between the LNS and the remote host. (Details not shown.)
# Create a local user named vpdnuser, set the password, and enable the PPP service.

[LNS] local-user vpdnuser class network

[LNS-luser-network-vpdnuser] password simple Hello

[LNS-luser-network-vpdnuser] service-type ppp

[LNS-luser-network-vpdnuser] quit

# Configure local authentication for PPP users in ISP domain system.

[LNS] domain system

[LNS-isp-system] authentication ppp local

[LNS-isp-system] quit

# Enable L2TP.

[LNS] l2tp enable

# Create interface Virtual-Template 1, and specify its IP address as 192.168.0.1/24 and PPP
authentication mode as CHAP.

[LNS] interface virtual-template 1

[LNS-virtual-template1] ip address 192.168.0.1 255.255.255.0

[LNS-virtual-template1] ppp authentication-mode chap domain system

# Specify 192.168.0.2 as the IP address to be allocated to the PPP user.

[LNS-virtual-template1] remote address 192.168.0.2

[LNS-virtual-template1] quit

# Create L2TP group 1 in LNS mode.

[LNS] l2tp-group 1 mode lns

# Configure the local tunnel name as LNS.

[LNS-l2tp1] tunnel name LNS

# Specify Virtual-Template 1 for receiving calls.

[LNS-l2tp1] allow l2tp virtual-template 1

# Configure the tunnel peer to belong to vpn1.

[LNS-l2tp1] vpn-instance vpn1

# Disable tunnel authentication.

[LNS-l2tp1] undo tunnel authentication

2.

Configure the remote host:
# Configure the IP address of the remote host as 2.1.1.1, and configure a route to the LNS

(1.1.2.2).
# Create a virtual private network connection by using the Windows system, or install the L2TP
LAC client software, such as WinVPN Client.
# Complete the following configuration procedure (the procedure depends on the client software):

{

Specify the PPP username as vpdnuser and the password as Hello.

{

Specify the Internet interface address of the security gateway as the IP address of the LNS. In this
example, the Ethernet interface for the tunnel on the LNS has an IP address of 1.1.2.2.

{

Modify the connection attributes: set the protocol to L2TP, the encryption attribute to customized,
and the authentication mode to CHAP.

This manual is related to the following products:
See also other documents in the category H3C Technologies Safety: