R3721-F3210-F3171-HP High-End Firewalls VPN Configuration Guide-6PW101
[LNS-Virtual-Template2] ip address 10.0.2.1 255.255.255.0
[LNS-Virtual-Template2] remote address pool 1
[LNS-Virtual-Template2] ppp authentication-mode chap domain bbb.net
[LNS-Virtual-Template2] quit
# Add each virtual template interface to a proper security zone. For how to add an interface to a
security zone, see Access Control Configuration Guide.
# Create two L2TP groups.
[LNS] l2tp-group 3
[LNS-l2tp3] tunnel name LNS
[LNS-l2tp3] tunnel authentication
[LNS-l2tp3] allow l2tp virtual-template 1 remote LAC-1 domain aaa.net
[LNS-l2tp3] tunnel password simple 12345
[LNS-l2tp3] quit
[LNS] l2tp-group 4
[LNS-l2tp4] tunnel name LNS
[LNS-l2tp4] tunnel authentication
[LNS-l2tp4] allow l2tp virtual-template 2 remote LAC-1 domain bbb.net
[LNS-l2tp4] tunnel password simple 12345
If RADIUS authentication is required on the LNS, modify the AAA configurations as needed. For more
information about AAA configuration, see Access Control Configuration Guide.
3. Configure the users:
Create a dial-up connection on each host.
○ On Host A, enter vpdn1@aaa.net as the username and 11111 as the password in the dial-up
terminal window.
○ On Host B, enter vpdn2@aaa.net as the username and 22222 as the password in the dial-up
terminal window.
4. Verify the configuration:
# After Host A establishes a dial-up connection with enterprise 1, Host A obtains the IP address
10.0.1.10 and can ping the private address of the LNS (10.0.1.1).
# After Host B establishes a dial-up connection with enterprise 2, Host B obtains the IP address
10.0.2.10 and can ping the private address of the LNS (10.0.2.1).
# On the LNS, use the display l2tp session command to check the established L2TP sessions.
[LNS-l2tp1] display l2tp session
Total session = 2
LocalSID RemoteSID LocalTID
17345 4351 1
23914 10923 2
# On the LNS, use the display l2tp tunnel command to check the established L2TP tunnels.
[LNS-l2tp1] display l2tp tunnel
Total tunnel = 2
LocalTID RemoteTID RemoteAddress Port Sessions RemoteName
1 1 1.1.2.1 1701 1 LAC-1
2 2 1.1.2.1 1701 1 LAC-1
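
The L2TP group settings entered on the LNS above can be reviewed offline with a short script. This is an added example, not part of the HP guide: it flags tunnel keys entered with the simple (plain text) keyword, keys shorter than a local policy length, and groups where tunnel authentication has been turned off. The 12-character threshold, the function names and the l2tp-group 5 sample lines are assumptions made for illustration.

```python
import re

# Constructed sample: this page's LNS group lines plus a made-up group 5.
SAMPLE = """\
[LNS] l2tp-group 3
[LNS-l2tp3] tunnel name LNS
[LNS-l2tp3] tunnel authentication
[LNS-l2tp3] allow l2tp virtual-template 1 remote LAC-1 domain aaa.net
[LNS-l2tp3] tunnel password simple 12345
[LNS-l2tp3] quit
[LNS] l2tp-group 4
[LNS-l2tp4] tunnel name LNS
[LNS-l2tp4] tunnel authentication
[LNS-l2tp4] allow l2tp virtual-template 2 remote LAC-1 domain bbb.net
[LNS-l2tp4] tunnel password simple 12345
[LNS] l2tp-group 5
[LNS-l2tp5] undo tunnel authentication
"""
MIN_KEY_LEN = 12  # assumed local policy threshold, not a value from the guide

def parse_groups(text):
    """Return {group_number: [commands]} from a pasted CLI session."""
    groups, current = {}, None
    for line in text.splitlines():
        cmd = re.sub(r"^\[[^\]]*\]\s*", "", line.strip())  # drop the prompt
        m = re.fullmatch(r"l2tp-group (\d+)", cmd)
        if m:
            current = groups.setdefault(int(m.group(1)), [])  # enter group view
        elif cmd == "quit":
            current = None  # back to system view
        elif cmd and current is not None:
            current.append(cmd)
    return groups

def audit(text):
    """Return sorted (group, finding) tuples for weak tunnel-auth settings."""
    findings = []
    for num, cmds in parse_groups(text).items():
        if "undo tunnel authentication" in cmds:
            findings.append((num, "tunnel authentication disabled"))
        for cmd in cmds:
            m = re.fullmatch(r"tunnel password simple (\S+)", cmd)
            if m:
                findings.append((num, "tunnel key configured in plain text (simple)"))
                if len(m.group(1)) < MIN_KEY_LEN:
                    findings.append((num, "tunnel key shorter than policy"))
    return sorted(findings)

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```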