L2TP (LAC to LNS) experiment based on HCL

FW1 serves as LNS and FW2 serves as LAC

1. The router simulates the Internet; each firewall has a default route pointing to the router (configuration omitted)

2. Configure LNS (FW1)

ip pool l2tp1 10.0.0.2 10.0.0.20 //Address pool for the remote (LAC) end of the PPP link
#
interface Virtual-Template1 //Virtual template from which the virtual-access interface for the tunnel is spawned
 ppp authentication-mode chap //Authenticate the peer's PPP user with CHAP
 remote address pool l2tp1 //Assign the peer its address from the pool
 ip address 10.0.0.1 255.255.255.0
#
local-user vpnuser class network //User account that the LAC authenticates with
 password simple 123456 //Lab credential; use a strong secret outside the lab
 service-type ppp
#
l2tp-group 1 mode lns
 allow l2tp virtual-template 1 remote FW2 //Virtual template used when the tunnel is set up, and the tunnel name the peer LAC must present
 undo tunnel authentication //Tunnel authentication disabled for the lab; it must match the LAC setting
 tunnel name FW1 //Local tunnel name
#
l2tp enable //Enable L2TP globally

3. Configure LAC (FW2)

l2tp-group 1 mode lac
 lns-ip 200.0.0.2 //Public address of the LNS (FW1)
 undo tunnel authentication //Must match the LNS setting
 tunnel name FW2 //Must match "remote FW2" on the LNS
#
l2tp enable
#
interface Virtual-PPP0
 ppp chap password simple 123456 //CHAP credentials sent to the LNS; must match local-user vpnuser on FW1
 ppp chap user vpnuser
 ip address ppp-negotiate //Obtain the interface address from the LNS through PPP (IPCP) negotiation
 l2tp-auto-client l2tp-group 1 //Trigger the LAC to establish the L2TP tunnel automatically
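The lab turns tunnel authentication off and uses the credential 123456 on both ends. The following is an added example, not part of the original lab, showing the same two l2tp-groups with tunnel authentication kept on and a shared tunnel secret (the secret value is assumed). Keep in mind that L2TP by itself gives the tunnelled traffic no confidentiality or integrity: CHAP only protects the user-password exchange, and tunnel authentication only proves that the peer knows the tunnel secret. Outside a lab, run L2TP over IPsec.

```text
# FW1 (LNS)
l2tp-group 1 mode lns
 allow l2tp virtual-template 1 remote FW2
 tunnel authentication                     //Require the LAC to prove knowledge of the tunnel secret
 tunnel password simple L2tpTunn3lSecret   //Assumed value; entered in plaintext, stored in encrypted form on Comware V7
 tunnel name FW1
#
# FW2 (LAC)
l2tp-group 1 mode lac
 lns-ip 200.0.0.2
 tunnel authentication                     //Both ends must agree, or the tunnel setup fails
 tunnel password simple L2tpTunn3lSecret   //Must match FW1
 tunnel name FW2
```

With authentication on, a mismatched secret shows up as the tunnel never reaching the established state in display l2tp tunnel, which is the first thing to check when the tunnel does not come up.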

Test:

On FW2, display ip interface brief (or display interface Virtual-PPP0) should show Virtual-PPP0 up with an address negotiated from the LNS pool (10.0.0.3 in this run, as seen in the OSPF configuration below).

On FW1, display l2tp tunnel and display l2tp session show the tunnel and session to FW2 as established.

Because these devices are firewalls, the tunnel traffic must also be permitted by the security policy. The commands are the same on FW1 and FW2, except that the tunnel interface is Virtual-Template1 on the LNS and Virtual-PPP0 on the LAC. Note that L2TP control and data packets (UDP 1701) are sent and received by the firewall itself, so they belong to the Local zone.

Add the interfaces to security zones

security-zone name Trust
 import interface Virtual-Template1 //On FW2 import Virtual-PPP0 instead
#
security-zone name Untrust
 import interface GigabitEthernet1/0/0 //Internet-facing interface

Because this is only a test, all traffic between all zones is allowed for convenience. This also permits any Untrust host to reach the firewall itself and the Trust zone, so do not use this rule outside a lab: restrict it to UDP 1701 from the peer's address into Local, plus the routing and site traffic that actually needs to cross the tunnel.

security-policy ip
 rule 0 name 1
  action pass
  source-zone Trust
  source-zone Untrust
  source-zone Local
  destination-zone Local
  destination-zone Trust
  destination-zone Untrust
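As an added example that is not part of the original lab, here is a restricted policy that permits only what this setup needs. The address object below uses the LNS address from the lab (200.0.0.2) as seen from FW2; on FW1 it must hold the LAC's public address, which the page does not give. Object-group and rule names are assumptions.

```text
# Service and address objects
object-group service l2tp-ctl
 service udp destination eq 1701        //L2TP control and data both ride UDP/1701
object-group service tunnel-ctl
 service 89                             //OSPF (IP protocol 89) between the tunnel endpoints
 service icmp                           //ICMP, so the loopback ping test in the next step still works
object-group ip address l2tp-peer
 network host address 200.0.0.2         //Peer's public address: the LNS as seen from FW2; on FW1 use the LAC's address
#
security-policy ip
 rule 1 name l2tp-in                    //Peer's tunnel packets to this firewall
  action pass
  source-zone Untrust
  destination-zone Local
  source-ip l2tp-peer
  service l2tp-ctl
 rule 2 name l2tp-out                   //This firewall's tunnel packets to the peer
  action pass
  source-zone Local
  destination-zone Untrust
  destination-ip l2tp-peer
  service l2tp-ctl
 rule 3 name tunnel-ctl                 //OSPF and ICMP across the Virtual-Template/Virtual-PPP interface
  action pass
  source-zone Local
  source-zone Trust
  destination-zone Local
  destination-zone Trust
  service tunnel-ctl
 rule 4 name site-to-site               //Traffic between the two sites' Trust zones
  action pass
  source-zone Trust
  destination-zone Trust
```

Rules 1 and 2 are what replaces the Untrust-to-Local and Local-to-Untrust part of the permit-all rule; everything else from the Internet is then dropped by the default deny. Rule 3 is needed because OSPF packets and pings originating from the firewall are Local-zone traffic even when they leave through the tunnel interface in Trust.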

Run OSPF across the tunnel to form a neighbor relationship and exchange routes

[F1]dis cu co ospf //display current-configuration configuration ospf
#
ospf 1
 area 0.0.0.0
  network 9.9.9.9 0.0.0.0 //FW1 loopback, used for the reachability test
  network 10.0.0.1 0.0.0.0 //Virtual-Template1 address

[F2]dis cu co ospf
#
ospf 1
 area 0.0.0.0
  network 1.1.1.1 0.0.0.0 //FW2 loopback
  network 10.0.0.3 0.0.0.0 //Address negotiated on Virtual-PPP0; it is allocated dynamically from the pool, so a pool-wide statement (10.0.0.0 0.0.0.255) is more robust than a host match

Verify that the OSPF neighbor reaches Full state (display ospf peer) and that the loopbacks can reach each other across the tunnel (ping between 9.9.9.9 and 1.1.1.1).

The experiment is successful and ends here


Origin blog.csdn.net/m0_62621003/article/details/132596968