
[Share] Huawei Certification: L2TP VPN Configuration

Posted on 2009-8-22 11:02:39
[Quidway]dis cu
#
sysname Quidway
#
l2tp enable
#
local-user admin password simple admin
local-user admin service-type telnet
local-user admin level 3
local-user vpdnuser password simple user
local-user vpdnuser service-type ppp
local-user vpdnuser1 password simple user1
local-user vpdnuser1 service-type ppp
local-user vpdnuser2 password simple user2
local-user vpdnuser2 service-type ppp
local-user vpdnuser3 password simple user3
local-user vpdnuser3 service-type ppp
local-user vpdnuser4 password simple user4
local-user vpdnuser4 service-type ppp
local-user vpdnuser5 password simple user5
local-user vpdnuser5 service-type ppp
local-user vpdnuser6 password simple user6
local-user vpdnuser6 service-type ppp
local-user vpdnuser7 password simple user7
local-user vpdnuser7 service-type ppp   
local-user vpdnuser8 password simple user8
local-user vpdnuser8 service-type ppp
local-user vpdnuser9 password simple user9
local-user vpdnuser9 service-type ppp
local-user vpdnuser10 password simple user10
local-user vpdnuser10 service-type ppp
local-user quidway password simple guofeng
local-user quidway service-type terminal telnet
local-user quidway level 3
#
ip pool 1 192.168.1.2 192.168.1.100
#
aaa enable
#
ip host www.sina.com.cn 61.172.201.239
#
firewall enable
#
isp domain sina.com.cn
dns primary 202.102.192.68
dns secondary 202.102.199.68
#
interface Virtual-Template1               
ppp authentication-mode pap
ip address 192.168.1.1 255.255.255.0
remote address pool 1
#
interface Aux0
async mode flow
link-protocol ppp
#
interface Ethernet0/0
ip address 218.22.38.xx 255.255.255.0
firewall packet-filter 3001 inbound
firewall packet-filter 3001 outbound
nat outbound 2001
nat server protocol tcp global 218.22.38.210 www inside 192.168.0.59 www
#
interface Ethernet0/1
ip address 192.168.0.2 255.255.255.0
#
interface NULL0
#
acl number 2001
rule 0 permit source 192.168.0.0 0.0.0.255
#
acl number 3001
rule 0 deny tcp destination-port eq 135
rule 1 deny tcp destination-port eq 139
rule 2 deny tcp destination-port eq 4444
rule 3 deny tcp destination-port eq 5554
rule 4 deny udp destination-port eq tftp
rule 6 deny tcp source-port eq 5554 destination-port eq 9995
rule 7 deny tcp source-port eq 5554 destination-port eq 9996
rule 9 deny tcp destination-port eq 136
rule 10 deny tcp destination-port eq 138
rule 13 deny udp destination-port eq 135
rule 14 deny udp destination-port eq 136
rule 15 deny udp destination-port eq 389
rule 16 deny udp destination-port eq 445
rule 17 deny tcp destination-port eq 4899
rule 18 deny tcp destination-port eq sunrpc
rule 19 deny tcp destination-port eq 6588
rule 20 deny tcp destination-port eq 1978
rule 21 deny tcp destination-port eq 593
rule 22 deny tcp destination-port eq 3389
rule 23 deny tcp destination-port eq 137
rule 24 deny udp destination-port eq snmp
rule 26 deny tcp destination-port eq 445
rule 27 deny tcp destination-port eq 2745
rule 28 deny tcp destination-port eq 1080
rule 29 deny tcp destination-port eq 6129
rule 30 deny tcp destination-port eq 3127
rule 31 deny tcp destination-port eq 3128
rule 32 deny udp destination-port eq netbios-dgm
rule 33 deny udp destination-port eq netbios-ns
rule 34 deny tcp destination-port eq 5800
rule 35 deny tcp destination-port eq 6667
rule 36 deny tcp destination-port eq 1025
rule 38 deny tcp destination-port eq 1068
rule 39 deny tcp destination-port eq 9995
rule 40 deny udp destination-port eq netbios-ssn
rule 41 deny tcp destination-port eq 539
rule 42 deny udp destination-port eq 539
rule 43 deny udp destination-port eq 1434
rule 44 deny udp destination-port eq 593
#
l2tp-group 1
undo tunnel authentication
mandatory-lcp
allow l2tp virtual-template 1            
#
ip route-static 0.0.0.0 0.0.0.0 218.22.38.209 preference 60
#
snmp-agent
snmp-agent local-engineid 000007DB7F000001000075A7
snmp-agent sys-info version v3
#
user-interface con 0
authentication-mode local
user-interface aux 0
user-interface vty 0 4
authentication-mode local
#
return

Windows clients need IPsec encryption disabled:
Edit the registry: under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\Parameters,
set ProhibitIPSec to 1.
If this value does not exist, create it yourself.
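
An added example, not part of the original post: a small audit over this kind of configuration that flags the settings above that weaken the VPN (clear-text `password simple` entries, telnet management logins, PAP, and `undo tunnel authentication`). The rule labels and the sample excerpt are constructed for illustration.

```python
import re

# Constructed excerpt of the configuration posted above (not the full dump).
SAMPLE = """\
local-user admin password simple admin
local-user admin service-type telnet
local-user vpdnuser password simple user
local-user vpdnuser service-type ppp
interface Virtual-Template1
ppp authentication-mode pap
l2tp-group 1
undo tunnel authentication
allow l2tp virtual-template 1
"""

# (rule label, pattern, why it matters) -- rule labels are hypothetical names.
RULES = [
    ("cleartext-password", re.compile(r"^local-user (\S+) password simple (\S+)"),
     "password stored in clear text in the configuration"),
    ("telnet-mgmt", re.compile(r"^local-user (\S+) service-type .*\btelnet\b"),
     "management login over unencrypted telnet"),
    ("ppp-pap", re.compile(r"^ppp authentication-mode pap\b"),
     "PAP sends the PPP password in clear text; L2TP alone does not encrypt it"),
    ("no-tunnel-auth", re.compile(r"^undo tunnel authentication\b"),
     "LNS accepts L2TP tunnels without authenticating the peer"),
]

def audit(config: str):
    """Return a list of (line_no, rule, subject, reason) findings."""
    findings, context = [], "global"
    for no, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        # Track the current view; a bare "#" ends it in a 'dis cu' dump.
        if line == "#" or line.startswith(("interface ", "l2tp-group ")):
            context = "global" if line == "#" else line
        for rule, pattern, reason in RULES:
            m = pattern.match(line)
            if not m:
                continue
            subject = m.group(1) if m.groups() else context
            findings.append((no, rule, subject, reason))
            # A password contained in the user name is trivially guessable.
            if rule == "cleartext-password" and m.group(2).lower() in m.group(1).lower():
                findings.append((no, "guessable-password", subject,
                                 "password is derived from the user name"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("line %d: [%s] %s: %s" % finding)
```
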
Posted on 2012-4-29 20:26:28
Learned something...

Posted on 2013-4-29 11:47:55
Just passing by, couldn't miss this.

Posted on 2013-8-31 18:35:13

Posted on 2013-11-12 18:24:10

Posted on 2013-11-13 09:35:13
Very good stuff, thanks

Posted on 2016-1-12 15:52:03
thanks for sharing

Posted on 2016-12-21 07:55:32
Awesome, thanks to the original poster
