USG6000 series equipment headquarters and branches from IPSEC,Headquarters have another L2TP dial up PC,whether PC can be accessed through IPSec division.

27

PC can be accessed through IPSec division.

Other related questions:
Whether a PC at the HQ dialing up through L2TP in a scenario where an IPSec tunnel is established between the HQ and branch can access the branch through IPSec
The PC can access the branches through IPSec.

Method used to configure IPSec between the headquarters and branches on the AR
Huawei AR routers support IPSec tunnel for implementing interconnection between the headquarters and branches. For details about the configuration, see IPSec under "Using VPN to Implement WAN Interconnection" in Typical Configuration Examples. The point-to-multipoint IPSec cases are as follows: - Example for Establishing Multiple IPSec Tunnels Between the Headquarters and Branches Using the IPSec Policy Template - Example for Configuring OSPF and GRE Over IPSec to Implement Communication Between the Branch and Headquarters - Example for Configuring GRE Over IPSec to Implement Communication Between the Branches and Headquarters and NAT to Implement Communication Between Branches (Running OSPF) - Example for Establishing IPSec over DSVPN Tunnels Between Hub and Spokes (Based on ACL) - Example for Establishing an IPSec Tunnel In Manual and IKE Negotiation Modes - Example for Configuring IPSec Reverse Route Injection

Method used to configure an IPSec tunnel on the AR for mutual access between branches
There are two ways of implementing communication between branches on Huawei AR routers. 1. Branches directly communicate with each other. In this case, implementing communication between branches through configuration of IPSec and DSVPN (not supported by the AR510). For details, see "Example for configuring IPSec-based DSVPN" of "DSVPN Configuration" in Configuration Guide - VPN. 2. Branches communicate with each other through the headquarters. For details, see "Example for Configuring GRE Over IPSec to Implement Communication Between the Branches and Headquarters and NAT to Implement Communication Between Branches (Running OSPF)" of "Using VPN to Implement WAN Interconnection" in Typical Configuration Examples.

How to configure AR routers in branches to use a domain name to access the headquarters through DSVPN
In the figure on the right, the branch and headquarters access the Internet through PPPoE dialup, and the branch uses the domain name to access the headquarters through DSVPN. Assume that the public network route is reachable. The following describes only key configurations. 1. Configure Spoke1. The configuration of Spoke2 is similar to that of Spoke1, and is not mentioned here. interface Dialer1 //Configure a dialer interface. link-protocol ppp ppp chap user user@huawei.com //Configure CHAP authentication. ppp chap password cipher huawei@123 //Set the CHAP authentication password to huawei@123. ip address ppp-negotiate dialer user huawei //Configure the peer user name for the dialer interface. dialer bundle 1 //Configure a dialer bundle for the dialer interface. dialer-group 1 // Configure a dialer access group. # interface Tunnel0/0/0 //Configure a DSVPN tunnel interface. ip address 10.16.1.2 255.255.255.0 tunnel-protocol gre p2mp source dialer 1 //Configure the dialer interface as the source interface. ospf network-type broadcast nhrp entry 10.16.1.1 www.123.com register //Configure an NHRP mapping table. # interface GigabitEthernet1/0/0 pppoe-client dial-bundle-number 1 //Configure the PPPoE client to use dialer bundle 1. # dialer-rule //Configure a dialer ACL. dialer-rule 1 ip permit # ip route-static 0.0.0.0 0.0.0.0 dialer1 //Configure a default route pointing to the dialer interface. 2. Configure the hub. dns resolve //Enable the dynamic DNS (DDNS) function. dns server 2.1.1.1 //Configure an IP address for the DNS server. # interface Dialer1 link-protocol ppp ppp chap user user@huawei.com ppp chap password cipher huawei@123 ip address ppp-negotiate dialer user huawei dialer bundle 1 dialer-group 1 ddns apply policy mypolicy //Bind the DDNS policy to the interface. # ddns policy mypolicy //Specify the URL in a DDNS update request. The user name is steven and the password is nevets@123. url ""http://:@members.3322.org/dyndns/update?system=dyndns&hostname=&ip="" username steven password nevets@123 # interface Tunnel0/0/0 ip address 10.16.1.1 255.255.255.0 tunnel-protocol gre p2mp source dialer 1 ospf network-type broadcast nhrp entry multicast dynamic # interface GigabitEthernet1/0/0 pppoe-client dial-bundle-number 1 # dialer-rule dialer-rule 1 ip permit # ip route-static 0.0.0.0 0.0.0.0 dialer1

Method used to set up an IPSec tunnel between two ARs that both use PPPoE dialup
Huawei AR routers support an IPSec tunnel between two ARs that both use PPPoE dialup. For details about the configuration, see "5.4.6 Example for Configuring an IPSec Tunnel for Remote Dial-Up Users to Connect to the Headquarters" of "Using VPN to Implement WAN Interconnection" in Typical Configuration Examples.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top