F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices VPN Configuration Guide-6PW100
Configuration example for NAS-initiated VPN
Network requirements
As shown in Figure 169, a VPN user accesses the corporate headquarters as follows:
1. The user dials in to the NAS (LAC).
2. The NAS determines whether the user is a valid VPN client. If so, it initiates a tunneling request to the LNS.
3. After a tunnel is set up between the NAS and the LNS, the NAS transfers the results of its negotiation with the VPN user to the LNS.
4. The LNS decides whether to accept the connection request according to the negotiated results.
5. The user communicates with the headquarters over the tunnel between the NAS and the LNS.
Figure 169 Network diagram
Configuration procedure
1. Configure the LAC (NAS):
# Configure IP addresses for interfaces. (Details not shown.)
# Create a local user named vpdnuser, set the password, and enable the PPP service.
<LAC> system-view
[LAC] local-user vpdnuser
[LAC-luser-vpdnuser] password simple Hello
[LAC-luser-vpdnuser] service-type ppp
[LAC-luser-vpdnuser] quit
# Configure interface Async 1/0.
[LAC] interface async 1/0
[LAC-Async1/0] ip address 1.1.1.1 255.255.255.0
[LAC-Async1/0] ppp authentication-mode chap
[LAC-Async1/0] quit
# Enable L2TP.
[LAC] l2tp enable
# Create an L2TP group and configure its attributes.
[LAC] l2tp-group 1
[LAC-l2tp1] tunnel name LAC
[LAC-l2tp1] start l2tp ip 1.1.2.2 fullusername vpdnuser
# Enable tunnel authentication and specify the tunnel authentication key.
[LAC-l2tp1] tunnel authentication
[LAC-l2tp1] tunnel password simple aabbcc
2. Configure the LNS:
# Configure IP addresses for the interfaces. (Details not shown.)