Does the AR support the L2TP VPN accounting function

6

The AR does not support L2TP VPN accounting. After a user goes offline, accounting-stop packets are not sent. Therefore, the AR also does not support the accounting function of L2TP users on the RADIUS server. V200R007 and later versions support the accounting function through the RADIUS server.

Other related questions:
Does the AR router support the L2TP VPN accounting function
L2TP of the AR router does not support the accounting function. Accounting-stop packets are not generated after users are disconnected from the network. As a result, the RADIUS accounting function of L2TP users is not supported either. V200R007 and later versions support the RADIUS accounting function.

Does the AR support L2TP
The AR supports L2TPv2 from V200R002C00.

Whether the firewall supports configuring both L2TP VPN and SSL VPN
Yes.

Method used to configure the L2TP VPN in transparent mode on the USG6000
In transparent mode, the USG6000 uses the IP address of the VLANIF interface as the address of the LNS server. The NAT server is configured on the access device. The IP address of the VLANIF interface is provided, as a public IP address, for users. Configure the LNS as follows: 1. Configure the VLAN and VLANIF interface. a. Create a VLAN with ID 10. [LNS] vlan 10 [LNS-vlan10] quit b. Add interfaces GigabitEthernet 0/0/1 and GigabitEthernet 0/0/2 to VLAN 10. [LNS] interface GigabitEthernet 0/0/1 [LNS-GigabitEthernet0/0/1] portswitch [LNS-GigabitEthernet0/0/1] port access vlan 10 [LNS-GigabitEthernet0/0/1] quit [LNS] interface GigabitEthernet 0/0/2 [LNS-GigabitEthernet0/0/2] portswitch [LNS-GigabitEthernet0/0/2] port access vlan 10 [LNS-GigabitEthernet0/0/2] quit c. Create a VLANIF interface and configure an IP address. [LNS] interface vlanif 10 [LNS-Vlanif10] ip address 10.2.1.3 255.255.255.0 [LNS-Vlanif10] quit 2. Configure a static route. a. Configure a default route for the LNS, with the next hop address being the IP address of the access device interface that is directly connected to the LNS. [LNS] ip route-static 0.0.0.0 0.0.0.0 10.2.1.1 b. Configure a route to the server network segment on the HQ intranet, with the next hop address being the IP address of the VLANIF interface in the VLAN where the intranet L3 switch interface that is directly connected to the LNS resides. [LNS] ip route-static 10.4.1.0 255.255.255.0 10.2.1.2 3. Configure the L2TP. a. Configure the local user and password. [LNS] aaa [LNS-aaa] local-user vpnuser@domain1.com password cipher Vpnuser@123 b. Configure the IP address pool and allocate an intranet IP address to the VPN user. [LNS-aaa] domain domain1.com [LNS-aaa-domain-domain1.com] ip pool 1 10.3.1.2 10.3.1.254 [LNS-aaa-domain-domain1.com] quit [LNS-aaa] quit c. Enable the L2TP. [LNS] l2tp enable d. Configure the suffix separator of the domain name. Only separator @ is supported when a user name containing a domain name requires a separator. [LNS] l2tp domain suffix-separator @ e. Create the virtual interface template and configure the related parameters, including the IP address, PPP authentication mode, and address pool binding. [LNS] interface virtual-template 1 [LNS-Virtual-Template1] ip address 10.3.1.1 255.255.255.0 [LNS-Virtual-Template1] ppp authentication-mode chap [LNS-Virtual-Template1] remote address pool 1 [LNS-Virtual-Template1] quit f. Create an L2TP group and configure the related parameters, including the local end name of the tunnel, bound virtual interface template, and password used for L2TP tunnel verification. [LNS] l2tp-group 1 [LNS-l2tp1] tunnel name headquarter [LNS-l2tp1] allow l2tp virtual-template 1 [LNS-l2tp1] tunnel password cipher Tunnel@123 [LNS-l2tp1] quit 4. Add the interface to the security zone and configure the inter-zone packet filter. Note: The Virtual-Template interface can be added to any security zone. If the security zone where the Virtual-Template interface resides is different from the security zone where the interface connecting the HQ LNS and the L3 switch resides, packet filter must be configured for two security zones, so that a dial-up user can access resources on the HQ intranet. Packet filter between the security zone where the interface connecting the LNS and the access device resides and the Local security zone must be enabled to accept tunnel negotiation requests initiated by the LAC, for example, the Untrust security zone where interface (5)GigabitEthernet 0/0/1 resides. a. Add the interface to the security zone. [LNS] firewall zone trust [LNS-zone-trust] add interface Vlanif10 [LNS-zone-trust] add interface Virtual-Template 1 [LNS-zone-trust] quit [LNS] firewall zone untrust [LNS-zone-untrust] add interface GigabitEthernet 0/0/1 [LNS-zone-untrust] quit [LNS] firewall zone dmz [LNS-zone-dmz] add interface GigabitEthernet 0/0/2 [LNS-zone-dmz] quit

Does the AR support IP accounting
The AR supports IP accounting.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top