Configuration of the Client-Initialized VPN on the USG2000 and USG5000

The method used to configure the Client-Initialized VPN on the USG2000 and USG5000 is as follows:
The LAC client can directly initiate a tunnel establishment request to the LNS, bypassing the LAC. The LNS allocates an address to the LAC client.
The HQ network can connect to the Internet through the LNS. An employee on a business trip can directly initiate a tunnel establishment request to the LNS by means of L2TP dialup. The L2TP client software must be installed on the PC of the employee.

Configure the Client-Initialized VPN using the CLI:
1. Configure the LNS.
a. Create and configure the virtual interface template.
[LNS] interface virtual-template 1
[LNS-Virtual-Template1] ip address 192.168.0.1 255.255.255.0
[LNS-Virtual-Template1] ppp authentication-mode chap
[LNS-Virtual-Template1] quit
b. Enable L2TP.
[LNS] l2tp enable
c. Create and configure the L2TP group.
[LNS] l2tp-group 1
d. Configure the local tunnel name on the LNS end and the received peer tunnel name.
[LNS-l2tp1] tunnel name LNS
[LNS-l2tp1] allow l2tp virtual-template 1
[LNS-l2tp1] tunnel authentication
[LNS-l2tp1] tunnel password cipher Password123
Note:
If you use the L2TP client software provided by the Windows system to dial up, you must disable the L2TP tunnel verification function.
e. Define an address pool and allocate an IP address to the dial-up user.
[LNS] aaa
[LNS-aaa] ip pool 1 192.168.0.2 192.168.0.100
f. Set the user name and password (consistent with those configured on the PC of the employee on a business trip).
[LNS-aaa] local-user vpdnuser password cipher Hello123
[LNS-aaa] quit
Note:
Because the addresses in the IP address pool are not in the same network segment as the intranet addresses, you need to configure the route to network segment 192.168.0.0 on the HQ device, and set the next hop address to 192.168.1.1.
g. Allocate an address in the IP address pool to the peer interface.
[LNS] interface virtual-template 1
[LNS-Virtual-Template1] remote address pool 1
[LNS-Virtual-Template1] quit
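The following consistency check over the LNS commands from steps a to g is an added example, not Huawei tooling or part of the original procedure. The names audit, SAMPLE and DOC_PASSWORDS are made up for this example, and the rule that the address pool must sit in the virtual-template subnet mirrors the addressing used on this page rather than a documented requirement.

```python
import ipaddress
import re

# Constructed sample: the LNS commands from steps a-g, prompts included.
SAMPLE = """\
[LNS] interface virtual-template 1
[LNS-Virtual-Template1] ip address 192.168.0.1 255.255.255.0
[LNS-Virtual-Template1] ppp authentication-mode chap
[LNS-Virtual-Template1] quit
[LNS] l2tp enable
[LNS] l2tp-group 1
[LNS-l2tp1] tunnel name LNS
[LNS-l2tp1] allow l2tp virtual-template 1
[LNS-l2tp1] tunnel authentication
[LNS-l2tp1] tunnel password cipher Password123
[LNS] aaa
[LNS-aaa] ip pool 1 192.168.0.2 192.168.0.100
[LNS-aaa] local-user vpdnuser password cipher Hello123
[LNS-aaa] quit
[LNS] interface virtual-template 1
[LNS-Virtual-Template1] remote address pool 1
[LNS-Virtual-Template1] quit
"""
DOC_PASSWORDS = {"Password123", "Hello123"}  # example values printed in this guide

def audit(text):
    """Return consistency findings (assumes one virtual-template, as in the guide)."""
    cmds = [re.sub(r"^\[[^\]]*\]\s*", "", l).strip() for l in text.splitlines()]
    find = lambda pat: re.findall(pat, "\n".join(cmds), re.M)
    issues = []
    if "l2tp enable" not in cmds:
        issues.append("L2TP is not enabled")
    templates = find(r"^interface virtual-template (\d+)$")
    for ref in find(r"^allow l2tp virtual-template (\d+)$"):
        if ref not in templates:
            issues.append(f"l2tp-group references undefined virtual-template {ref}")
    pools = {n: (lo, hi) for n, lo, hi in find(r"^ip pool (\d+) (\S+) (\S+)$")}
    addr = find(r"^ip address (\S+) (\S+)$")
    net = ipaddress.ip_interface("/".join(addr[0])).network if addr else None
    for ref in find(r"^remote address pool (\d+)$"):
        if ref not in pools:
            issues.append(f"remote address pool {ref} is not defined under aaa")
        elif net is not None and any(ipaddress.ip_address(a) not in net for a in pools[ref]):
            issues.append(f"pool {ref} lies outside {net}")
    if "tunnel authentication" in cmds and not find(r"^tunnel password "):
        issues.append("tunnel authentication enabled without a tunnel password")
    issues += [f"documentation password still in use: {pw}"
               for pw in find(r"password cipher (\S+)$") if pw in DOC_PASSWORDS]
    return issues
```

Run against the commands exactly as printed above, audit(SAMPLE) reports only the two example passwords, which should be replaced before the configuration is deployed.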
