R3166-R3206-HP High-End Firewalls VPN Configuration Guide-6PW101

# Create a local user named vpdnuser, set the password, and enable PPP service. The username and
password must match those configured on the client.
<LNS> system-view
[LNS] local-user vpdnuser
[LNS-luser-vpdnuser] password simple Hello
[LNS-luser-vpdnuser] service-type ppp
[LNS-luser-vpdnuser] quit
# Configure local authentication for the VPN user.
[LNS] domain system
[LNS-isp-system] authentication ppp local
[LNS-isp-system] ip pool 1 192.168.0.2 192.168.0.100
[LNS-isp-system] quit
# Enable L2TP.
[LNS] l2tp enable
# Configure the virtual interface template.
[LNS] interface virtual-template 1
[LNS-virtual-template1] ip address 192.168.0.1 255.255.255.0
[LNS-virtual-template1] ppp authentication-mode chap domain system
[LNS-virtual-template1] remote address pool 1
[LNS-virtual-template1] quit
# Create an L2TP group and specify the virtual interface template for receiving calls.
[LNS] l2tp-group 1
[LNS-l2tp1] tunnel name LNS
[LNS-l2tp1] allow l2tp virtual-template 1
2. Configure the VPN user
On the user host, create a virtual private network connection in Windows, or install L2TP client
software (such as WinVPN Client) on the host, and connect the host to the Internet in dial-up
mode. The IP address of the user host is 2.1.1.1. Configure a route between the user host and the LNS
(1.1.2.2), and then perform the following configurations (the exact procedure depends on the
client software):
# Specify the VPN username as vpdnuser and the password as Hello.
# Specify the Internet interface address of the security gateway as the IP address of the LNS. In this
example, the GigabitEthernet interface for the tunnel on the LNS has an IP address of 1.1.2.2.
# Modify the connection attributes, setting the protocol to L2TP, the encryption attribute to customized
and the authentication mode to CHAP.
3. Verify the configurations
# On the user host, initiate the L2TP connection. After the connection is established, the user host can get
the IP address 192.168.0.2 and can ping the private IP address of the LNS (192.168.0.1).
# On the LNS, use the display l2tp session command to check that the L2TP session is established.
[LNS-l2tp1] display l2tp session
Total session = 1
 LocalSID    RemoteSID    LocalTID
 647         1            1
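
The LNS commands in step 1 refer to each other by number and name (pool 1, virtual-template 1, domain system), and a mismatch there only shows up when the client fails to connect in step 3. The following check is an added example, not part of the HP guide: it parses the step 1 commands and reports broken cross-references before the configuration is applied. The names grab and check_lns are hypothetical, and the check assumes a configuration with one domain, one address pool and one virtual template, as in this example.

```python
import ipaddress
import re
# LNS commands from the guide's example, prompts stripped (assembled here as sample input).
LNS_CONFIG = """\
local-user vpdnuser
 password simple Hello
 service-type ppp
domain system
 authentication ppp local
 ip pool 1 192.168.0.2 192.168.0.100
l2tp enable
interface virtual-template 1
 ip address 192.168.0.1 255.255.255.0
 ppp authentication-mode chap domain system
 remote address pool 1
l2tp-group 1
 tunnel name LNS
 allow l2tp virtual-template 1
"""

def grab(pattern, config):  # capture groups of the first matching line, or None
    m = re.search(pattern, config, re.MULTILINE)
    return m.groups() if m else None

def check_lns(config):
    """List cross-reference errors in a single-domain, single-template LNS config."""
    pool = grab(r"^\s*ip pool (\d+) (\S+) (\S+)\s*$", config)
    vt = grab(r"^\s*interface virtual-template (\d+)\s*$", config)
    addr = grab(r"^\s*ip address (\S+) (\S+)\s*$", config)
    auth = grab(r"^\s*ppp authentication-mode \S+ domain (\S+)\s*$", config)
    rpool = grab(r"^\s*remote address pool (\d+)\s*$", config)
    allow = grab(r"^\s*allow l2tp virtual-template (\d+)\s*$", config)
    en = grab(r"^\s*(l2tp enable)\s*$", config)
    if None in (pool, vt, addr, auth, rpool, allow, en):
        return ["a required command is missing"]
    problems = []
    if allow[0] != vt[0]:
        problems.append("l2tp-group references a virtual-template that is not defined")
    if rpool[0] != pool[0]:
        problems.append("remote address pool number does not match the ip pool")
    if not grab(rf"^\s*domain ({re.escape(auth[0])})\s*$", config):
        problems.append("PPP authentication domain is not defined")
    net = ipaddress.ip_interface(f"{addr[0]}/{addr[1]}")  # template address and mask
    lo, hi = ipaddress.ip_address(pool[1]), ipaddress.ip_address(pool[2])
    if lo not in net.network or hi not in net.network:
        problems.append("address pool is outside the virtual-template subnet")
    if lo <= net.ip <= hi:
        problems.append("virtual-template address falls inside the client pool")
    return problems
```

For the configuration shown in this example, check_lns(LNS_CONFIG) returns an empty list.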