L2TP over IPsec (LNS address on the intranet, mapped through a public address)

Network setup
The LAC's public address is , and the LNS sits on the user's intranet at address , mapped to the public address .

User requirement: PC users dial in to the LAC over PPPoE; this triggers establishment of the L2TP tunnel, and the tunnel traffic must additionally be protected with IPsec encryption.

Configuration:

LAC:
#
version , Release 2512P04
#
sysname lac
#
l2tp enable
#
domain default enable system
#
ipv6
#
telnet server enable
#
port-security enable
#
password-recovery enable
#
acl number 3500
 rule 5 permit ip source 0 destination 0
 rule 10 permit ip source 0 destination 0
#
vlan 1
#
Ddomain
 authentication ppp local
 access-limit disable
 state active
 idle-cut disable
 self-service-url disable
domain system
 access-limit disable
 state active
 idle-cut disable
 self-service-url disable
#
ike peer lac
 exchange-mode aggressive
 pre-shared-key cipher $$c$$3$$1x8s/6RGe2wayz2b/ilLMlHyJ86Kag==
 id-type name
 remote-name lns
 remote-address
 local-address
 local-name lac
 nat traversal
#
ipsec transform-set lac
 encapsulation-mode tunnel
 transform esp
 esp authentication-algorithm sha1
 esp encryption-algorithm 3des
#
ipsec policy lac 1 isakmp
 security acl 3500
 ike-peer lac
 transform-set lac
#
user-group system
 group-attribute allow-guest
#
local-user admin
 password cipher $$c$$3$$EiAlBrd/gVGFvSMRAmLoJwgze3wHlYa1BQ==
 authorization-attribute level 3
 service-type telnet
 service-type web
local-user test
 password cipher $$c$$3$$SQ3SM2FRQoXeMijjRitI72ToSwbJ9f09xw==
 service-type ppp
#
l2tp-group 1
 tunnel password cipher $$c$$3$$TVsHV3HQRBs5eubLlDPrKCp8o8kwnA==
 tunnel name lac
 start l2tp ip domain
#
interface Aux0
 async mode flow
 link-protocol ppp
#
interface Cellular0/0
 async mode protocol
 link-protocol ppp
#
interface Virtual-Template1
 ppp authentication-mode pap chap domain
#
interface NULL0
#
interface Vlan-interface1
 pppoe-server bind Virtual-Template 1
 ip address
#
interface GigabitEthernet0/0
 port link-mode route
 ip address
 ipsec policy lac
#
interface GigabitEthernet0/1
 port link-mode bridge
#
interface GigabitEthernet0/2
 port link-mode bridge
#
interface GigabitEthernet0/3
 port link-mode bridge
#
interface GigabitEthernet0/4
 port link-mode bridge
#
ip route-static
ip route-static
#
load xml-configuration
#
load tr069-configuration
#
user-interface tty 12
user-interface aux 0
user-interface vty 0 4
 authentication-mode scheme
#
return
LNS:
#
dialer-rule 1 ip permit
version Release 0202
#
sysname lns
#
telnet server enable
#
ip pool 1
#
password-recovery enable
#
vlan 1
#
interface Virtual-Template1
 ppp authentication-mode pap chap
 remote address pool 1
 ip address
#
interface NULL0
#
interface LoopBack0
 ip address
#
interface GigabitEthernet1/0
#
interface GigabitEthernet1/
 description to-12 /32
 ip address
 vlan-type dot1q vid 1498
#
interface GigabitEthernet2/0
#
interface GigabitEthernet2/
 description to-11 /32
 ip address
 vlan-type dot1q vid 1499
 ipsec apply policy lns
#
scheduler logfile size 16
#
line class aux
 user-role network-operator
#
line class console
 user-role network-admin
#
line class vty
 user-role network-operator
#
line aux 0
 user-role network-operator
#
line con 0
 user-role network-admin
#
line vty 0 63
 authentication-mode scheme
 user-role network-operator
#
ip route-static 0
ip route-static 28
ip route-static 28
 authentication ppp local
 authorization ppp local
 accounting ppp local
#
domain system
#
aaa session-limit ftp 32
aaa session-limit telnet 32
aaa session-limit http 32
aaa session-limit ssh 32
aaa session-limit https 32
domain default enable system
#
role name level-0
 description Predefined level-0 role
#
role name level-1
 description Predefined level-1 role
#
role name level-2
 description Predefined level-2 role
#
role name level-3
 description Predefined level-3 role
#
role name level-4
 description Predefined level-4 role
#
role name level-5
 description Predefined level-5 role
#
role name level-6
 description Predefined level-6 role
#
role name level-7
 description Predefined level-7 role
#
role name level-8
 description Predefined level-8 role
#
role name level-9
 description Predefined level-9 role
#
role name level-10
 description Predefined level-10 role
#
role name level-11
 description Predefined level-11 role
#
role name level-12
 description Predefined level-12 role
#
role name level-13
 description Predefined level-13 role
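As an added review aid (not part of this page and not H3C tooling), the following Python snippet runs a few security checks over a constructed excerpt of the LAC's IKE/IPsec section shown above; the check list is a hypothetical review policy chosen for this example, and the reported line numbers refer to the excerpt.

```python
import re

# Constructed excerpt of the LAC's IKE/IPsec section from this page (addresses omitted as on the page).
LAC_CONFIG = """\
telnet server enable
ike peer lac
 exchange-mode aggressive
 pre-shared-key cipher $$c$$3$$1x8s/6RGe2wayz2b/ilLMlHyJ86Kag==
 nat traversal
ipsec transform-set lac
 encapsulation-mode tunnel
 esp authentication-algorithm sha1
 esp encryption-algorithm 3des
ipsec policy lac 1 isakmp
 security acl 3500
 ike-peer lac
 transform-set lac
"""

# Review checks (a hypothetical policy written for this example, not taken from the page):
# a regex matched against each whitespace-normalised command line, and the finding to report.
CHECKS = [
    (r"^exchange-mode aggressive$",
     "IKEv1 aggressive mode sends the peer identity in clear and exposes the PSK to offline guessing"),
    (r"^esp encryption-algorithm 3des$", "3DES is deprecated; prefer an AES transform"),
    (r"^esp authentication-algorithm sha1$", "HMAC-SHA1 is below current guidance; prefer sha256"),
    (r"^telnet server enable$", "Telnet management sends credentials in clear text; prefer SSH"),
]

def lint_config(text):
    """Return (line_number, command, finding) for every command that matches a check."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        cmd = " ".join(raw.split())  # drop indentation and repeated spaces
        for pattern, finding in CHECKS:
            if re.match(pattern, cmd):
                findings.append((lineno, cmd, finding))
    return findings

def nat_traversal_enabled(text):
    """True when every 'ike peer' block has 'nat traversal'; this setup needs it because the
    LNS is reached through a public-address mapping (NAT), so IKE/ESP must use UDP encapsulation."""
    blocks = re.split(r"^ike peer ", text, flags=re.M)[1:]
    return bool(blocks) and all(re.search(r"^\s*nat traversal$", b, flags=re.M) for b in blocks)

if __name__ == "__main__":
    for lineno, cmd, finding in lint_config(LAC_CONFIG):
        print(f"line {lineno}: {cmd} -> {finding}")
    print("nat traversal on every ike peer:", nat_traversal_enabled(LAC_CONFIG))
```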