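Typical Configuration of L2TP Dual Authentication Modes on the SecPath1800F Firewall
1. Networking requirements:
Verify the L2TP VPN function of the SecPath1800F firewall and its support for both CHAP and PAP authentication at the same time.
2. Network diagram
SecPath1800F: Version 3.40, RELEASE 0354(08);
PC: L2TP client software installed.
3. Configuration
Main configuration of the SecPath1800F firewall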
#
acl number 3000 //define an advanced ACL
 rule 0 permit udp destination-port eq 1701 //permit UDP port 1701
#
sysname SecPath1800F
#
l2tp enable //enable the L2TP service
#
firewall packet-filter default permit interzone local untrust direction outbound
#
bypass switch-back auto
#
firewall mode route
#
firewall statistic system enable
#
interface Aux0
 async mode flow
 link-protocol ppp
#
interface Ethernet0/0/0
#
interface Ethernet0/0/1
#
interface Ethernet2/0/0
 ip address 192.168.1.1 255.255.255.0
#
interface Ethernet2/0/1
 ip address 202.38.1.1 255.255.255.0
#
interface Ethernet2/0/2
#
interface Ethernet2/0/3
#
interface Ethernet2/0/4
#
interface Ethernet2/0/5
#
interface Ethernet2/0/6
#
interface Ethernet2/0/7
#
interface Virtual-Template1 //create the virtual template
 ppp authentication-mode chap pap //configure the authentication mode
 ip address 192.168.253.1 255.255.255.0
 remote address pool 1
#
interface GigabitEthernet1/0/0
#
interface GigabitEthernet1/0/1
#
interface Secp3/0/0
#
interface NULL0
#
firewall zone local
 set priority 100
#
firewall zone trust
 set priority 85
 add interface Ethernet2/0/0 //add the interface to the zone
#
firewall zone untrust
 set priority 5
 add interface Ethernet2/0/1 //add the interface to the zone
 add interface Virtual-Template1 //add the virtual template to the zone
#
firewall zone dmz
 set priority 50
#
firewall interzone local trust
#
firewall interzone local untrust
 packet-filter 3000 inbound //apply the ACL on the interzone
#
firewall interzone local dmz
#
firewall interzone trust untrust
#
firewall interzone trust dmz
#
firewall interzone dmz untrust
#
l2tp-group 1 //create the L2TP group
 undo tunnel authentication
 allow l2tp virtual-template 1
#
aaa
 local-user zhaobiao password simple zhaobiao //create the L2TP account
 local-user zhaobiao service-type ppp
 ip pool 1 192.168.253.2 192.168.253.254 //create the address pool
 #
 authentication-scheme default
 #
 authorization-scheme default
 #
 accounting-scheme default
 #
 domain default
 #
#
ip route-static 0.0.0.0 0.0.0.0 202.38.1.2 //configure the route
#
user-interface con 0
 authentication-mode none
user-interface aux 0
 authentication-mode none
user-interface vty 0 4
#
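4. Key configuration points
When configuring the PPP authentication mode under the virtual template: if PAP is configured first, only PAP authentication can be used; if CHAP is configured first, the PAP parameter can also be configured.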
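The following audit script is an added example, not part of the original case. It checks a configuration of this form for the authentication-mode ordering described in the key point, and goes beyond it to flag the other authentication-related settings this lab configuration relaxes. SAMPLE_CONFIG is a constructed excerpt of the configuration above; the audit function, VIEW_PREFIXES and the finding texts are hypothetical names chosen for the example.

```python
import re

# Constructed excerpt of the configuration above (inline annotations removed).
SAMPLE_CONFIG = """\
interface Virtual-Template1
 ppp authentication-mode chap pap
 remote address pool 1
#
l2tp-group 1
 undo tunnel authentication
 allow l2tp virtual-template 1
#
aaa
 local-user zhaobiao password simple zhaobiao
 local-user zhaobiao service-type ppp
#
user-interface con 0
 authentication-mode none
user-interface vty 0 4
#
"""

# Lines that open a configuration view (hypothetical helper list; it covers
# only the views this audit inspects).
VIEW_PREFIXES = ("interface ", "l2tp-group ", "user-interface ", "aaa")

def audit(config_text):
    """Return (view, finding) tuples for settings worth reviewing."""
    findings, view = [], ""
    for raw in config_text.splitlines():
        line = raw.split("//")[0].strip()      # drop inline annotations
        if not line or line == "#":
            continue
        if line.startswith(VIEW_PREFIXES):
            view = line
            continue
        m = re.match(r"ppp authentication-mode\s+(.+)", line)
        if m:
            methods = m.group(1).split()
            if methods[0] == "pap":            # ordering rule from the key point
                findings.append((view, "pap first: only PAP is used"))
            if "pap" in methods:
                findings.append((view, "PAP permitted: password sent in cleartext"))
        elif line == "undo tunnel authentication":
            findings.append((view, "L2TP tunnel authentication disabled"))
        elif re.match(r"local-user \S+ password simple\s", line):
            findings.append((view, "local-user password stored in plaintext"))
        elif line == "authentication-mode none" and view.startswith("user-interface"):
            findings.append((view, "no login authentication on this line"))
    return findings

if __name__ == "__main__":
    for view, finding in audit(SAMPLE_CONFIG):
        print(f"{view}: {finding}")
```

The script keys on the command text rather than indentation, so it works on both indented device output and flattened copies of the configuration.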