R3721-F3210-F3171-HP High-End Firewalls VPN Configuration Guide-6PW101
To create a virtual template interface:
| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |
| 2. Create a virtual template interface and enter its view. | interface virtual-template virtual-template-number | By default, no virtual template interface exists. |
NOTE:
• You must add the virtual interface template to a proper security zone through the web interface. Otherwise, the L2TP tunnel cannot be established.
• Do not add the virtual interface template to zone Management. Otherwise, the L2TP tunnel cannot be established.
• For how to add an interface to a security zone, see Access Control Configuration Guide.
Configuring the local address and the address pool for allocation
After an L2TP tunnel is set up between an LAC and an LNS, the LNS needs to assign an IP address to a
VPN user. For this purpose, you can directly specify an IP address, or specify an address pool. Before
specifying an address pool, use the ip pool command in system view or ISP domain view to define the
address pool. For a VPN user that requires authentication, the IP address is selected from the address
pool configured in ISP domain view. For a VPN user that does not require authentication, the IP address
is selected from the global address pool defined in system view.
To configure a local address and address pool:
| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |
| 2. Enter virtual template interface view. | interface virtual-template virtual-template-number | N/A |
| 3. Configure the local IP address. | ip address ip-address { mask \| mask-length } [ sub ] | N/A |
| 4. Configure the authentication mode for PPP users. | ppp authentication-mode { chap \| ms-chap \| pap } * [ [ call-in ] domain isp-name ] | Optional. By default, no authentication is performed for PPP users. |
| 5. Specify the address pool for allocating an IP address to a PPP user, or assign an IP address to the user directly. | remote address { pool [ pool-number ] \| ip-address } | Optional. By default, address pool 0 (the default address pool) is used. |
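Because steps 4 and 5 are optional, a virtual template can be left on the defaults in the Remarks column (no PPP authentication, address pool 0). The following check is an added example, not part of the HP guide: it reads a saved configuration and reports, for each virtual template interface, which of these settings are absent. The configuration layout, the sample text and the finding names (NO_AUTH, DEFAULT_POOL_0, NO_LOCAL_IP) are assumptions made for the example.

```python
import re

# Constructed sample; the saved-configuration layout ("interface
# Virtual-TemplateN" header, indented settings, "#" separators) is an assumption.
SAMPLE_CONFIG = """\
#
interface Virtual-Template1
 ppp authentication-mode chap domain system
 remote address pool 1
 ip address 192.168.0.1 255.255.255.0
#
interface Virtual-Template2
 ip address 192.168.1.1 255.255.255.0
#
interface Virtual-Template3
 ppp authentication-mode ms-chap
#
interface GigabitEthernet0/1
 ip address 10.0.0.1 255.255.255.0
#
"""

HEADER = re.compile(r"^interface\s+virtual-template\s*(\d+)$", re.IGNORECASE)
# Settings from the procedure above, mapped to the finding raised when absent.
CHECKS = {
    "ppp authentication-mode ": "NO_AUTH",   # default: PPP users not authenticated
    "remote address ": "DEFAULT_POOL_0",     # default: address pool 0 is used
    "ip address ": "NO_LOCAL_IP",            # step 3 of the procedure not done
}


def audit_virtual_templates(config_text):
    """Return {template_number: sorted findings} for every virtual template."""
    missing = {}
    current = None  # template currently being read, or None outside one
    for raw in config_text.splitlines():
        header = HEADER.match(raw.strip())
        if header:
            current = int(header.group(1))
            missing[current] = set(CHECKS.values())
        elif not raw.startswith(" "):
            current = None  # "#" or any other top-level line closes the section
        elif current is not None:
            for prefix, finding in CHECKS.items():
                if raw.strip().lower().startswith(prefix):
                    missing[current].discard(finding)
    return {num: sorted(found) for num, found in missing.items()}


if __name__ == "__main__":
    for num, found in audit_virtual_templates(SAMPLE_CONFIG).items():
        print(f"Virtual-Template{num}: {', '.join(found) or 'ok'}")
```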
Configuring an LNS to grant certain L2TP tunneling requests
When receiving a tunneling request, an LNS determines whether to grant the tunneling request by
checking whether the tunnel name of the LAC matches the one configured, and determines the virtual
template interface to be used to create the VA interface.
To configure an LNS to grant certain L2TP tunneling requests:
| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |