Client-initiated VPN

In client-initiated VPN, the LNS authenticates users through PPP authentication (PAP or CHAP). In CLI configurations, this is the PPP authentication configured on the VT interface.

Other related questions:

What are the default passwords of the SMC2.0 server and client software?
SMC2.0 passwords include the server management system (iMana) password, server operating system password, and client software password.
- On the operating system of the SMC2.0 V100R001 server, the default user name is Administrator and the password is huawei.
- In versions later than SMC2.0 V100R002C01B025SP08, for example, SMC2.0 V100R002C03 or later versions, security hardening is performed on the server and the user name and default password of the server operating system are changed to swmaster and Change_Me respectively.
- If the SMC2.0 is upgraded from an early version to a late version, the server user name is changed to swmaster and the password is retained.
For details, log in to Huawei Enterprise Technical Support Website, search for SMC2.0, and download the product documentation.

Configuration of the NAS-Initialized VPN on the USG2000 and USG5000
The method used to configure the NAS-Initialized VPN (local authentication) on the USG2000 and USG5000 is as follows: The PC is connected to the LAC by means of PPP dialup. The LAC and LNS communicate over a tunnel on a WAN. The user accesses the network using the domain name. The user name and password are authenticated on the LAC and LNS in local authentication mode.

1. Configure the LAC.
   a. Create the virtual interface template and bind it with the interface.
      system-view
      [LAC] interface Virtual-Template 1
      [LAC-Virtual-Template1] ppp authentication-mode chap
      [LAC-Virtual-Template1] quit
      [LAC] interface GigabitEthernet 0/0/1
      [LAC-GigabitEthernet0/0/1] pppoe-server bind virtual-template 1
      [LAC-GigabitEthernet0/0/1] quit
   b. Enable the L2TP.
      [LAC] l2tp enable
   c. Create and configure the L2TP group.
      [LAC] l2tp-group 1
      [LAC-l2tp1] tunnel name LAC
      [LAC-l2tp1] start l2tp ip 202.38.163.1 domain domain1.com
      [LAC-l2tp1] tunnel authentication
      [LAC-l2tp1] tunnel password cipher Password1
      [LAC-l2tp1] quit
   d. Configure the domain name suffix separator.
      [LAC] l2tp domain suffix-separator @
   e. Set the user name and password (consistent with those configured on the user side).
      [LAC] aaa
      [LAC-aaa] local-user vpdnuser@domain1.com password cipher Hello123
   f. Configure the domain accessed by the user.
      [LAC-aaa] domain domain1.com

2. Configure the LNS.
   a. Create virtual template Virtual-Template and configure the related information.
      [LNS] interface virtual-template 1
      [LNS-Virtual-Template1] ip address 192.168.0.1 255.255.255.0
      [LNS-Virtual-Template1] ppp authentication-mode chap
      [LNS-Virtual-Template1] quit
   b. Enable the L2TP.
      [LNS] l2tp enable
   c. Create and configure the L2TP group.
      [LNS] l2tp-group 1
      [LNS-l2tp1] tunnel name LNS
      [LNS-l2tp1] allow l2tp virtual-template 1 remote LAC
      [LNS-l2tp1] tunnel authentication
      [LNS-l2tp1] tunnel password cipher Password1
   e. Configure forcible CHAP verification on the local end.
      [LNS-l2tp1] mandatory-chap
      [LNS-l2tp1] quit
   f. Configure the domain name suffix separator.
      [LNS] l2tp domain suffix-separator @
   g. Set the user name and password (consistent with those configured on the LAC).
      [LNS] aaa
      [LNS-aaa] local-user vpdnuser@domain1.com password cipher Hello123
   h. Configure the domain name accessed by the user.
      [LNS-aaa] domain domain1.com
   i. Configure the address pool allocated to the user.
      [LNS-aaa-domain-domain1.com] ip pool 1 192.168.0.2 192.168.0.100
      [LNS-aaa-domain-domain1.com] quit
      [LNS-aaa] quit
      Note: Because the addresses in the IP address pool are not in the same network segment as the intranet addresses, you need to configure the route to network segment 192.168.0.0 on the HQ device, and set the next hop address to 192.168.1.1.
   j. Allocate an address in the IP address pool to the peer interface.
      [LNS] interface virtual-template 1
      [LNS-Virtual-Template1] remote address pool 1
      [LNS-Virtual-Template1] quit
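
A consistency check for the authentication settings in the procedure above, as an added example that is not part of the original page or any Huawei tool. It assumes the input is the command sequence as typed (constructed and abridged here from the steps above), not output displayed by the device; the function names are hypothetical.

```python
import re

# Constructed sample input: abridged LAC and LNS command sequences from the steps above.
LAC_CFG = """\
interface Virtual-Template 1
 ppp authentication-mode chap
l2tp-group 1
 tunnel name LAC
 tunnel authentication
 tunnel password cipher Password1
aaa
 local-user vpdnuser@domain1.com password cipher Hello123
"""
LNS_CFG = """\
interface virtual-template 1
 ppp authentication-mode chap
l2tp-group 1
 tunnel name LNS
 tunnel authentication
 tunnel password cipher Password1
 mandatory-chap
aaa
 local-user vpdnuser@domain1.com password cipher Hello123
"""
DOC_SAMPLE_SECRETS = {"Password1", "Hello123"}  # example values printed in the guide

def grab(cfg, pattern):
    """Return the first capture group of pattern in cfg, or None (hypothetical helper)."""
    m = re.search(pattern, cfg, re.M)
    return m.group(1) if m else None

def audit(lac, lns):
    """Return a list of findings for a LAC/LNS command-sequence pair."""
    findings = []
    for name, cfg in (("LAC", lac), ("LNS", lns)):
        if grab(cfg, r"^\s*ppp authentication-mode (\S+)") != "chap":
            findings.append(f"{name}: PPP authentication is not CHAP")
        if not re.search(r"^\s*tunnel authentication\s*$", cfg, re.M):
            findings.append(f"{name}: tunnel authentication not enabled")
        if DOC_SAMPLE_SECRETS & set(re.findall(r"password cipher (\S+)", cfg)):
            findings.append(f"{name}: sample secret from the guide still in use")
    tunnel_pw = r"tunnel password cipher (\S+)"
    if grab(lac, tunnel_pw) != grab(lns, tunnel_pw):
        findings.append("tunnel password differs between LAC and LNS")
    if not re.search(r"^\s*mandatory-chap\s*$", lns, re.M):
        findings.append("LNS: mandatory-chap missing (no forced CHAP verification)")
    return findings
```

Run on the commands exactly as printed, `audit(LAC_CFG, LNS_CFG)` reports only that both devices still carry the guide's sample secrets, which should be replaced before deployment.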

Why does a client not initiate a TCP connection
The prerequisite for a client to initiate a TCP connection is: the client receives a Hello message from the peer end and, based on the transport address carried in the Hello message, finds that it is the destination client. If the client does not initiate a TCP connection, check whether the Hello message is received and check the transport address in the received Hello message.

Operating systems supported by the SSL VPN client
Operating systems supported by the SSL VPN client include:
- Windows 2000 Professional SP3 and later (32-bit)
- Windows Server 2000 SP3 and later (32-bit)
- Windows Server 2003 (32-bit)
- Windows XP SP1 and later (32-bit)
- Windows Vista (32-bit/64-bit)
- Windows 7 (32-bit/64-bit)
- Windows Server 2008 (32-bit/64-bit)
- Windows 8 (32-bit/64-bit)
- Mac OS X 10.8.x to 10.9.x
