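In real workplaces, many users need to set up a VPN to run services across regions. This post focuses on how to configure an L2TP VPN.
I. Configuration steps
In summary, configuring an L2TP VPN takes four steps:
1. Create an address pool (used by VPN users)
2. Create a user (used for PPP user login)
3. Create a virtual interface (including the authentication mode, the authentication user, and the user address/address pool)
4. Create an L2TP group
II. L2TP VPN configuration script for the H3C AR28 router
Parameters:
a. Address range: 192.168.222.0/24
b. Address pool: 1
c. Authentication user: l2tp_vpn (password: l2tp_vpn)
d. Virtual interface: 1
e. L2TP group: 1
f. Domain: vpn
g. Authentication mode: ppp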
-------------------------------------------------------------------------------------
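The configuration script is as follows:
1. Enable L2TP
l2tp enable //enable L2TP
#
2. Create the address pool for VPN users
domain vpn
 ip pool 1 192.168.222.2 192.168.222.254
#
3. Create a local user with PPP as the authentication mode
local-user l2tp_vpn //create local user l2tp_vpn
 password simple l2tp_vpn
 service-type ppp //use PPP
#
4. Create the virtual interface
interface Virtual-Template 1
 ppp authentication-mode pap domain vpn //use PAP authentication against the domain
 ppp pap local-user l2tp_vpn password simple l2tp_vpn
 ip address 192.168.95.1 255.255.255.0
 remote address pool 1 //use ip pool 1 to assign addresses to users
#
5. Create the L2TP group
l2tp-group 1 //create the L2TP group
 undo tunnel authentication //do not perform tunnel authentication
 mandatory-lcp //LCP renegotiation / is it configured on the device?
 allow l2tp virtual-template 1 //accept L2TP requests from any LAC and bind them to virtual interface 1
#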
III. Recorded configuration of the Huawei AR2220
1. Recorded script:

2. Resulting configuration:
display current-configuration
[V200R003C00]
#
sysname AR2220
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone Indian Standard Time minus 05:13:20
clock daylight-saving-time Day Light Saving Time repeating 12:32 9-1 12:32 11-23 00:00 2005 2005
#
portal local-server load portalpage.zip
#
drop illegal-mac alarm
#
l2tp enable
#
set cpu-usage threshold 80 restore 75
#
ip pool 1
 network 192.168.222.0 mask 255.255.255.0
 excluded-ip-address 192.168.222.1
#
aaa
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default
 domain default_admin
 domain vpn
 local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
 local-user admin service-type http
 local-user l2tp_vpn password cipher %$%$u0D6ZW]%/;KQdO_`&(#(hH/%$%$
 local-user l2tp_vpn privilege level 15
 local-user l2tp_vpn service-type ppp
#
firewall zone Local
 priority 15
#
interface Virtual-Template1
 ppp authentication-mode pap domain vpn
 remote address pool 1
 ppp pap local-user l2tp_vpn password cipher %$%$0T%R6];"COB9QuG92_l',.eh%$%$
 ip address 192.168.222.1 255.255.255.0
#
interface GigabitEthernet0/0/0
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
l2tp-group 1
 undo tunnel authentication
 mandatory-lcp
 allow l2tp virtual-template 1
#
user-interface con 0
 authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
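
Both scripts above use PAP, turn tunnel authentication off, and give the dial-in account l2tp_vpn privilege level 15; the H3C script also stores the password with password simple. The Python check below is an added example, not part of the original post or of any vendor tool: it flags those settings in a saved configuration that has one command per line. The sample input, the function name audit and the choice of what counts as a finding are assumptions of this example.

```python
import re

# Constructed sample: commands taken from the two scripts above, one per line.
SAMPLE = """\
local-user l2tp_vpn password simple l2tp_vpn
local-user l2tp_vpn privilege level 15
local-user l2tp_vpn service-type ppp
interface Virtual-Template1
 ppp authentication-mode pap domain vpn
 remote address pool 1
l2tp-group 1
 undo tunnel authentication
 mandatory-lcp
 allow l2tp virtual-template 1
"""

# (pattern, finding) pairs checked against every command line.
LINE_RULES = [
    (r"ppp authentication-mode pap\b", "PAP sends the PPP password in cleartext"),
    (r"undo tunnel authentication\b", "L2TP tunnel authentication is disabled"),
    (r"password simple\b", "password is stored in plaintext in the configuration"),
]

def audit(config):
    """Return sorted (line_number, finding) tuples for weak L2TP/PPP settings."""
    findings, level, ppp_users = [], {}, set()
    for no, raw in enumerate(config.splitlines(), 1):
        line = raw.split("//")[0].strip()  # drop the page's // annotations
        for pattern, message in LINE_RULES:
            if re.search(pattern, line):
                findings.append((no, message))
        m = re.match(r"local-user (\S+) (.+)", line)
        if not m:
            continue
        user, rest = m.groups()
        if rest.startswith("privilege level"):
            level[user] = (no, int(rest.split()[2]))
        elif rest.startswith("service-type") and "ppp" in rest.split():
            ppp_users.add(user)
        pw = re.match(r"password simple (\S+)", rest)
        if pw and pw.group(1) == user:
            findings.append((no, "password is identical to the user name"))
    # Assumption of this example: a PPP dial-in account needs no CLI privilege.
    for user in sorted(ppp_users):
        if user in level and level[user][1] > 0:
            findings.append((level[user][0], f"PPP user {user} has privilege level {level[user][1]}"))
    return sorted(findings)

if __name__ == "__main__":
    for no, finding in audit(SAMPLE):
        print(f"line {no}: {finding}")
```

A configuration that uses ppp authentication-mode chap, keeps tunnel authentication enabled and stores passwords with password cipher produces no findings.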