L2TP Configuration Examples 625

cConfigure the IP address of Serial1 interface at LAC side.

[Router-LAC] interface serial 1 [Router-LAC-Serial1] ip address 192.167.0.2 255.255.255.0

dConfigure BDR parameters.

[Router-LAC]dialer-rule 1 ip permit

[Router-LAC] interface async 2 [Router-LAC-Async2] async mode protocol

[Router-LAC-Async2] link-protocol ppp

[Router-LAC-Async2]ip address 192.170.0.1 255.255.255.0

[Router-LAC-Async2]ppp authentication-mode chap

[Router-LAC-Async2]remote address pool 1

[Router-LAC-Async2] dialer enable-legacy

[Router-LAC-Async2] dialer-group 1

2Configuration at the LNS side

aConfigure the username and password (when establishing VPN connection in Windows2000).

[Router-LNS]local-user lns_user service-type ppp password simple

lns

bDefine an address pool and assign a VPN address for the dialup user.

[Router-LNS]ip pool 1 192.168.0.3 192.168.0.100

cImplement local AAA authentication on VPN user.

[Router-LNS] aaa-enable

[Router-LNS]aaa authentication-scheme ppp default local

[Router-LNS]aaa accounting-scheme optional

dConfigure the IP address of Serial0 interface at LNS side.

[Router-LNS] interface serial 0 [Router-LNS-Serial0] ip address 192.167.0.1 255.255.255.0

eEnable L2TP service and configure a L2TP group.

[Router-LNS] l2tp enable

[Router-LNS] l2tp-group 1

[Router-LNS-l2tp1] tunnel name lns-end

[Router-LNS-l2tp1]allow l2tp virtual-template 1 remote win2000

fConfigure the Virtual-Template-related information.

[Router-LNS]interface virtual-template 1 [Router-LNS-Virtual-Template1]ip address 192.168.0.1 255.255.255.0

[Router-LNS-Virtual-Template1] ppp authentication-mode chap

[Router-LNS-Virtual-Template1] remote address pool 1

gDisable tunnel authentication.

[Router-LNS-l2tp1]undo tunnel authentication

hConfigure the route to Windows2000.

[Router-LNS]ip route-static 192.170.0.0 255.255.255.0 192.167.0.2

3Configuration at the user side

By default, IPSec is enabled in Windows2000 operation system, so the IPSec should be disabled after VPN request is originated. Execute regedit command in CLI mode, the [Register Editor] dialog box will pop up.

Page 629
Image 629
3Com 10014299 manual Configure the IP address of Serial1 interface at LAC side, Configure BDR parameters