H3C MSR 30路由器和IR600 建立L2TP 配置说明
一、 H3C路由器
[H3C]dis cu
#
version 5.20, Beta 1508P02
#
sysname H3C
#
l2tp enable //启用L2TP服务(L2TP本身不对数据加密,经公网传输时通常需配合IPsec保护)
#
nat address-group 1 203.86.43.190 203.86.43.190 //定义NAT地址组
#
ip pool 1 192.168.1.2 192.168.1.100 //定义为对端分配地址所用的地址池
#
domain default enable system
#
dns server 8.8.8.8 //定义DNS
dns domain 8.8.8.8
#
vlan 1
#
domain l2tp //定义L2TP域配置
authentication ppp local
authorization ppp local
access-limit disable
state active
idle-cut disable
self-service-url disable
domain system
access-limit disable
state active
idle-cut disable
self-service-url disable
#
tunnel-policy l2tp_tunnel_1 //定义L2TP隧道策略
#
local-user abc //定义本端用户
password simple 123456 //定义用户密码(simple表示密码以明文保存在配置中;123456仅为示例,实际部署应使用强密码并改用cipher方式保存)
service-type ppp //定义服务类型
#
acl number 3000 //定义ACL
rule 0 permit ip source 10.5.1.0 0.0.0.255
#
l2tp-group //定义L2TP组
allow l2tp virtual-template 1 //指定接收呼叫时使用的虚拟接口模板
tunnel password simple l2tpvpn //配置隧道验证时的密码;H3C 30-11路由器必须定义隧道密码(simple为明文保存,实际部署建议使用强密码并改用cipher方式)
#
interface Aux0
async mode flow
link-protocol ppp
#
interface Ethernet0/0
port link-mode route
nat outbound static
nat outbound 3000 address-group 1
ip address 203.86.43.190 255.255.255.248
#
interface Ethernet0/1
port link-mode route
nat outbound static
nat outbound 3000
ip address 10.5.1.1 255.255.255.0
#
interface Serial0/0
link-protocol ppp
#
interface Serial1/0
link-protocol ppp
#
interface Virtual-Template1 //配置Virtual-Template虚接口模板
ppp authentication-mode chap domain l2tp //配置本端对PPP用户采用CHAP方式验证,验证使用l2tp域
ppp ipcp remote-address forced
remote address pool 1 //指定虚拟模板为对端分配地址时所用的地址池
ip address 192.168.1.1 255.255.255.0
#
interface NULL0
#
ip route-static 0.0.0.0 0.0.0.0 203.86.43.185
ip route-static 192.168.2.0 255.255.255.0 192.168.1.2 //到IR路由器侧子网的静态路由。此处容易混淆:192.168.2.0指IR路由器的子网地址(lan口);192.168.1.2是IR路由器的虚接口地址。
#
user-interface aux 0
user-interface vty 0 4
#
Return
IR700路由器相关配置