L2TP lns configuration /Virtual-Template1 Physical up Protocol down

Created: Mar 6, 2019 10:52:39
Latest reply: Mar 8, 2019 01:20:29
(problem resolved)

Hello, forum! I need some help configuring an LNS on a Huawei AR2240, VRP (R) software, Version 5.160 (AR2200 V200R007C00SPCb00).

I used this sample to configure my LNS: https://support.huawei.com/enterprise/ru/doc/EDOC1000177805/577d3cab/example-for-configuring-l2tp-client-initiated-l2tp-connections

But I can't connect to this server with a MikroTik L2TP client, SecoClient, or anything else. I tried removing the inbound ACL from the WAN interface and nothing changed. With "display ip interface brief Virtual-Template" I have:


Interface                         IP Address/Mask      Physical   Protocol
Virtual-Template1                 10.203.0.1/23        up         down




Mikrotik client side: [screenshot not included]


This is my config:


ip vpn-instance vrf-ertelekom
 ipv4-family

ip route-static vpn-instance vrf-ertelekom 0.0.0.0 0.0.0.0 X.X.X.Y

interface GigabitEthernet0/0/0.63
 description ISP
 dot1q termination vid 63
 ip binding vpn-instance vrf-ertelekom
 ip address X.X.X.X 255.255.255.0
 nat outbound 3102
 traffic-filter inbound acl 3006

acl number 3006
 rule 5 permit udp destination-port eq 1701
 rule 10 permit udp destination-port eq 4500
 rule 15 permit udp destination-port eq 500
 rule 198 deny tcp destination X.X.X.X 0 destination-port range 1 1024
 rule 199 deny udp destination X.X.X.X 0 destination-port range 1 1024
 rule 200 permit ip

l2tp enable

ip pool lns
 gateway-list 10.203.0.1
 network 10.203.0.0 mask 255.255.254.0

interface Virtual-Template1
 ppp authentication-mode chap
 remote address pool lns
 ip address 10.203.0.1 255.255.254.0

l2tp-group 1
 undo tunnel authentication
 allow l2tp virtual-template 1

aaa
 local-user l2tp password cipher XXX
 local-user l2tp privilege level 0
 local-user l2tp service-type ppp
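
The posted ACL 3006 is checked in rule-ID order and the first matching rule decides, so the permits for UDP 1701, 4500 and 500 take effect before the deny rules for ports 1 to 1024. The simulator below is an added example, not part of the original post or of any Huawei tooling; it parses those rules and reports which one decides a given packet. The address 192.0.2.10 is a constructed stand-in for the redacted X.X.X.X, and the function names are hypothetical.

```python
import ipaddress
import re

# ACL 3006 as posted; 192.0.2.10 is a constructed stand-in for the redacted X.X.X.X.
ACL_3006 = """\
rule 5 permit udp destination-port eq 1701
rule 10 permit udp destination-port eq 4500
rule 15 permit udp destination-port eq 500
rule 198 deny tcp destination 192.0.2.10 0 destination-port range 1 1024
rule 199 deny udp destination 192.0.2.10 0 destination-port range 1 1024
rule 200 permit ip
"""

RULE_RE = re.compile(
    r"rule (?P<id>\d+) (?P<action>permit|deny) (?P<proto>\w+)"
    r"(?: destination (?P<dst>\S+) (?P<wild>\S+))?"
    r"(?: destination-port (?:eq (?P<eq>\d+)|range (?P<lo>\d+) (?P<hi>\d+)))?$"
)

def to_int(addr):
    # "0" is the short form of wildcard 0.0.0.0 (exact host match)
    return 0 if addr == "0" else int(ipaddress.IPv4Address(addr))

def parse_acl(text):
    """Return rules sorted by rule ID, the order in which they are checked."""
    rules = []
    for line in text.strip().splitlines():
        m = RULE_RE.match(line.strip())
        if m is None:
            raise ValueError(f"unsupported rule syntax: {line!r}")
        g = m.groupdict()
        lo, hi = g["eq"] or g["lo"], g["eq"] or g["hi"]
        ports = (int(lo), int(hi)) if lo else None
        rules.append((int(g["id"]), g["action"], g["proto"], g["dst"], g["wild"], ports))
    return sorted(rules, key=lambda r: r[0])

def first_match(rules, proto, dst_ip, dst_port):
    """Return (rule_id, action) of the first matching rule, or None."""
    for rid, action, rproto, dst, wild, ports in rules:
        if rproto not in ("ip", proto):
            continue
        # Wildcard bits set to 1 are ignored when comparing addresses.
        if dst and (to_int(dst) | to_int(wild)) != (to_int(dst_ip) | to_int(wild)):
            continue
        if ports and not ports[0] <= dst_port <= ports[1]:
            continue
        return rid, action
    return None

RULES = parse_acl(ACL_3006)
```

UDP 500 falls inside the denied 1 to 1024 range but is decided by rule 15 first, so the deny rules never see it.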


Featured Answers

Recommended answer

chenhui
Admin Created Mar 8, 2019 01:20:29

Posted by behold at 2019-03-07 10:46: @chenhui thanks again, but I didn't catch anything new from this article. AAA credentials are OK, IP p ...

@behold, I checked the user manual; it says that the Windows registry should be modified and the digital certificate authentication function should be disabled.
For details, please check the URL https://support.huawei.com/enter ... 08c7?idPath=7919710|21432787|21430822|22318703|21247181

All Answers

@chenhui thanks! But your link leads to an empty document. Also, I don't need IPsec yet; I just want working L2TP only.
Posted by behold at 2019-03-07 08:11: @chenhui thanks! But your link leads to an empty document. Also, I don't need IPsec yet; I just want onl ...
My fault for not checking the URL.
Please check the path: configuration -> CLI-based configuration -> VPN configuration guide -> L2TP configuration -> troubleshooting L2TP -> user failed to dial up to the LNS.

Posted by chenhui at 2019-03-07 09:41: My fault for not checking the URL. Please check the path configuration -> CLI-based configuration - ...
@chenhui thanks again, but I didn't catch anything new from this article. AAA credentials are OK, the IP pool is OK, tunnel authentication is disabled, and CHAP is used on both sides.