Configuration of L2TP over IPSec on the USG6000

Configuration procedure:
1. Complete basic interface configuration, security policy configuration, and route configuration.
2. Configure and apply IPSec. Note that the source and destination addresses of the data flow protected by IPSec are the source and destination addresses of the sensitive traffic transmitted over the external interfaces of the two gateways.
3. Configure L2TP and the L2TP tunnel source.
For details, see Huawei Security Forum: USG6000 L2TP over IPSec Configuration Cases.
1. Configure the IP address of each interface, and add the interfaces to the security zone. The specific configuration procedure is not described here.
2. Enable the inter-zone security policy.
e map_temp
[NGFW_A] interface GigabitEthernet 1/0/1
[NGFW_A-GigabitEthernet1/0/1] ipsec policy map1
[NGFW_B] ipsec policy map1 10 isakmp
[NGFW_B-ipsec-policy-isakmp-map1-10] security acl 3000
[NGFW_B-ipsec-policy-isakmp-map1-10] proposal tran1
[NGFW_B-ipsec-policy-isakmp-map1-10] ike-peer b
[NGFW_B] interface GigabitEthernet 1/0/1
[NGFW_B-GigabitEthernet1/0/1] ipsec policy map1
5. Configure the L2TP.
A. (LNS end) Configure the L2TP.
[NGFW_A] user-manage user l2tpuser //Configure the L2TP user.
[NGFW_A-localuser-l2tpuser] password Password1
[NGFW_A-localuser-l2tpuser] quit
[NGFW_A] l2tp enable //Enable the L2TP.
[NGFW_A] aaa
[NGFW_A-aaa] ip pool 0 //Configure the IP address pool.
[NGFW_A] interface Virtual-Template 1 //Configure the virtual template interface.
[NGFW_A-Virtual-Template1] ppp authentication-mode pap
[NGFW_A-Virtual-Template1] ip address
[NGFW_A-Virtual-Template1] remote address pool 0 //Set the virtual interface to reference the address pool used to allocate addresses to the peer end.
[NGFW_A] l2tp-group 1 //Create the L2TP group.
[NGFW_A-l2tp1] allow l2tp virtual-template 1
[NGFW_A-l2tp1] tunnel password cipher Pass1234
B. (LAC end) Configure the L2TP.
# Configure the L2TP user.
[NGFW_B] user-manage user l2tpuser
[NGFW_B-localuser-l2tpuser] password Password1
[NGFW_B-localuser-l2tpuser] quit
# Configure the L2TP.
[NGFW_B] l2tp enable
[NGFW_B] interface Virtual-Template 1
[NGFW_B-Virtual-Template1] ppp authentication-mode pap
[NGFW_B-Virtual-Template1] quit
[NGFW_B] interface GigabitEthernet 1/0/3
[NGFW_B-GigabitEthernet1/0/3] pppoe-server bind virtual-template 1
[NGFW_B-GigabitEthernet1/0/3] quit
[NGFW_B] l2tp-group 1
[NGFW_B-l2tp1] tunnel password cipher Pass1234
[NGFW_B-l2tp1] start l2tp ip fullusername l2tpuser
[NGFW_B-l2tp1] quit
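
A consistency check for the two L2TP endpoints configured above, as an added example that is not part of the original page or of Huawei's tooling: it parses a prompt-style transcript and flags mismatched tunnel passwords or PPP authentication modes, PAP use, and an interface that applies an IPSec policy with no visible definition. The function names and the `PAGE_CONFIG` excerpt are assumptions; values are compared as typed, so this suits transcripts like the one on this page rather than saved configurations that store secrets in encrypted form.

```python
import re

# Matches "[DEVICE-view] command //comment" lines of a VRP-style CLI transcript.
LINE = re.compile(r"^\[(?P<dev>\w+)(?:-[^\]]*)?\]\s+(?P<cmd>.*?)(?:\s*//.*)?$")

# Excerpt of the commands shown on this page (LNS = NGFW_A, LAC = NGFW_B).
PAGE_CONFIG = """\
[NGFW_A] interface Virtual-Template 1 //Configure the virtual template interface.
[NGFW_A-Virtual-Template1] ppp authentication-mode pap
[NGFW_A-l2tp1] tunnel password cipher Pass1234
[NGFW_B] ipsec policy map1 10 isakmp
[NGFW_B-GigabitEthernet1/0/1] ipsec policy map1
[NGFW_B-Virtual-Template1] ppp authentication-mode pap
[NGFW_B-l2tp1] tunnel password cipher Pass1234
"""

def parse(transcript):
    """Return {device: [command, ...]} with prompts and // comments removed."""
    cfg = {}
    for raw in transcript.splitlines():
        m = LINE.match(raw.strip())
        if m and m.group("cmd"):
            cfg.setdefault(m.group("dev"), []).append(m.group("cmd"))
    return cfg

def values(cmds, prefix):
    """Set of arguments that follow `prefix` in one device's commands."""
    return {c[len(prefix):].strip() for c in cmds if c.startswith(prefix + " ")}

def audit(transcript, lns="NGFW_A", lac="NGFW_B"):
    """Return a list of findings for the two tunnel endpoints."""
    cfg = parse(transcript)
    findings = []
    for label, prefix in (("tunnel password", "tunnel password cipher"),
                          ("PPP authentication mode", "ppp authentication-mode")):
        if values(cfg.get(lns, []), prefix) != values(cfg.get(lac, []), prefix):
            findings.append(f"{label} differs between {lns} and {lac}")
    for dev in (lns, lac):
        cmds = cfg.get(dev, [])
        if "pap" in values(cmds, "ppp authentication-mode"):
            findings.append(f"{dev}: PAP sends the PPP password unencrypted")
        defined = {c.split()[2] for c in cmds if re.fullmatch(r"ipsec policy \S+ \d+ .+", c)}
        applied = {c.split()[2] for c in cmds if re.fullmatch(r"ipsec policy \S+", c)}
        for name in sorted(applied - defined):
            findings.append(f"{dev}: interface applies undefined IPSec policy {name}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(PAGE_CONFIG)))
```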
