L2TP VPN (Two branches with different domain to access HQ)

Created Apr 01, 2015 19:10:42 | Latest reply Jan 07, 2016 15:56:33


<The related eNSP lab file is attached.>

This is my first time doing an L2TP lab. Why did I choose this topic? Because I saw someone here asking for help on this topic, and I'd like to learn something as well as help other people.

The purpose of this lab is to let end users such as Shenzhen PC obtain an IP address (10.1.1.x) from the LNS so that it can ping PC Huawei 10.3.1.2. There is also another branch, Wuhan PC; we only need to establish another L2TP group to make it work.

The config of LAC is as below and we want to have an analysis of it:

#
 sysname LAC
#
 l2tp enable
#
aaa
 local-user user2@wuhan.com password cipher %$%$<^,lDA#,i!0KY8Q~YeuU9;&K%$%$
 local-user user2@wuhan.com service-type ppp
 local-user user1@shenzhen.com password cipher %$%$8YE!PscA"SpEDk-57rq39:_v%$%$
 local-user user1@shenzhen.com service-type ppp
<We can use aaa to define two PPPoE accounts for PC Shenzhen or PC Wuhan to dial>
#
interface Virtual-Template1
 ppp authentication-mode chap
#
interface GigabitEthernet0/0/0
 ip address 202.1.1.1 255.255.255.0
#
interface GigabitEthernet0/0/1
 pppoe-server bind Virtual-Template 1
<First define the virtual template and then bind it with the interface>
#
interface GigabitEthernet0/0/2
 pppoe-server bind Virtual-Template 1
#
l2tp-group 1
 tunnel password cipher %$%$)US*L(BCWBW=5.,m((RE,#a]%$%$
<The password is huawei123>
 tunnel name lac1
 start l2tp ip 202.1.1.2 domain shenzhen.com
<This is important. With the command above, once a user with domain Shenzhen.com is authenticated, it will start an L2TP connection with LNS 202.1.1.2. When the L2TP tunnel is established, PPPoE server of LNS will assign an IP address such as 10.1.1.254 to LAC, and LAC will transfer the IP address to end user Shenzhen.>
#
l2tp-group 2
 tunnel password cipher %$%$Z!mFH&0b:,dEA-=cezh8,#%T%$%$
 tunnel name lac2
 start l2tp ip 202.1.1.2 domain wuhan.com
#
return

 

The config of LNS is as below:

#
 sysname LNS
#
 l2tp enable
#
ip pool 1
 gateway-list 10.1.1.1
 network 10.1.1.0 mask 255.255.255.0
#
ip pool 2
 gateway-list 10.2.1.1
 network 10.2.1.0 mask 255.255.255.0
#
aaa
 local-user user2@wuhan.com password cipher %$%$k'_"FU1b+)<s=e!#)0tW9Byl%$%$
 local-user user2@wuhan.com service-type ppp
 local-user user1@shenzhen.com password cipher %$%$c\*k(ZQq>:`35V*[FZR29AdF%$%$
 local-user user1@shenzhen.com service-type ppp
#
interface Virtual-Template1
 ppp authentication-mode chap
 remote address pool 1
 ip address 10.1.1.1 255.255.255.0
#
interface Virtual-Template2
 ppp authentication-mode chap
 remote address pool 2
 ip address 10.2.1.1 255.255.255.0
#
interface GigabitEthernet0/0/0
 ip address 202.1.1.2 255.255.255.0
#
interface GigabitEthernet0/0/1
 ip address 10.3.1.1 255.255.255.0
#
l2tp-group 1
 allow l2tp virtual-template 1 remote lac1
 tunnel password cipher %$%$Luk5P9/rK1}l$=C*h@8:,$e3%$%$
 tunnel name lns
#
l2tp-group 2
 allow l2tp virtual-template 2 remote lac2
 tunnel password cipher %$%$OdG'Sl232RIBM=RAx1g&,$q/%$%$
 tunnel name lns
#
return

 

With this we can get an IP address from Shenzhen PC as below:

We can also ping Huawei PC 10.3.1.2, which means we can access the Huawei HQ LAN from branch Shenzhen PC remotely to achieve the VPN purpose.

Why? Just remember that a virtual template is also an interface that can be used as a next hop.
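As an added example (not part of the original post or the attached lab file), the Python script below cross-checks the LAC's l2tp-groups against the LNS: each `start l2tp ip` target must be an LNS interface address, each `tunnel name` must be accepted by an `allow l2tp ... remote` line, and each group must carry a tunnel password. The config excerpts are constructed from the post's topology with secrets replaced by a placeholder, and the `audit` function and its checks are this example's own.

```python
import re

# Constructed excerpts modelled on the post's configs (secrets replaced by a placeholder).
# Group 2 deliberately points at the LAC's own address to show a failing check.
LAC_CFG = """\
interface GigabitEthernet0/0/0
 ip address 202.1.1.1 255.255.255.0
l2tp-group 1
 tunnel password cipher <placeholder>
 tunnel name lac1
 start l2tp ip 202.1.1.2 domain shenzhen.com
l2tp-group 2
 tunnel password cipher <placeholder>
 tunnel name lac2
 start l2tp ip 202.1.1.1 domain wuhan.com
"""
LNS_CFG = """\
interface GigabitEthernet0/0/0
 ip address 202.1.1.2 255.255.255.0
l2tp-group 1
 allow l2tp virtual-template 1 remote lac1
 tunnel password cipher <placeholder>
l2tp-group 2
 allow l2tp virtual-template 2 remote lac2
 tunnel password cipher <placeholder>
"""

def audit(lac_cfg, lns_cfg):
    """Cross-check each LAC l2tp-group against the LNS; return a list of findings."""
    lns_ips = set(re.findall(r"^ ip address (\S+)", lns_cfg, re.M))
    allowed = set(re.findall(r"^ allow l2tp virtual-template \d+ remote (\S+)", lns_cfg, re.M))
    findings = []
    for name, body in re.findall(r"^(l2tp-group \d+)\n((?: .*\n)+)", lac_cfg, re.M):
        start = re.search(r"start l2tp ip (\S+) domain (\S+)", body)
        tunnel = re.search(r"tunnel name (\S+)", body)
        if start and start.group(1) not in lns_ips:
            findings.append(f"{name}: domain {start.group(2)} tunnels to {start.group(1)}, not an LNS address")
        if tunnel and tunnel.group(1) not in allowed:
            findings.append(f"{name}: tunnel name {tunnel.group(1)} has no 'allow l2tp ... remote' on the LNS")
        if "tunnel password" not in body:
            findings.append(f"{name}: no tunnel password configured")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(LAC_CFG, LNS_CFG)) or "LAC and LNS groups are consistent")
```

The parser expects sub-commands indented by one space directly under their parent line, as in a `display current-configuration` dump.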

 

 

 

 



fcm  Adept   Created Apr 01, 2015 22:39:55

This question and other experts to explain the next.


Manh     Created Jan 07, 2016 15:56:33

Dear, can cloud simulate a PC to dial up?
