回归技术板第一贴:L2TP + IPsec 野蛮模式(aggressive mode)+ NAT 穿越 配置实例,VRP 3.3 008
<router>dis cur
#
# LNS-side running configuration: L2TP access protected by IPsec, with IKE
# aggressive mode, name-based peer identification and NAT traversal.
# All passwords and keys below are stored with the "simple" keyword or as a
# short literal, so they appear in cleartext in this output. Treat them as
# lab placeholders and replace them before reusing any part of this config.
sysname router
#
# Privilege level 3 password kept in cleartext ("simple"); anyone who can read
# the configuration or a backup of it obtains full management access.
# Prefer the "cipher" form and a strong value.
super password level 3 simple 123456
#
l2tp enable
#
# Local PPP account used by L2TP clients; the password is again cleartext.
local-user user password simple passwd
local-user user service-type ppp
#
# Address pool handed to dial-in clients (referenced by "remote address pool 1"
# on Virtual-Template1).
ip pool 1 192.168.253.17 192.168.253.200
#
aaa enable
# NOTE(review): "optional" presumably lets a session continue when accounting
# fails, which means sessions may go unlogged - confirm against the VRP 3.3
# command reference.
aaa accounting-scheme optional
#
# Local IKE identity name; the remote side must reference it as its remote-name.
ike local-name server
#
# IKE peer definition. Peers are matched by name ("client") instead of by IP
# address, which suits remote ends whose address changes or sits behind NAT.
# Aggressive mode with a pre-shared key exposes the identities and a
# key-derived hash before the exchange is protected, so the key strength is
# the main defence here: "abc" is only acceptable as a sample value. Use a
# long random key, and note that every endpoint using this peer entry shares
# the same name and key, so one leaked key affects all of them.
ike peer l2tp
exchange-mode aggressive
pre-shared-key abc
id-type name
remote-name client
nat traversal
# NOTE(review): presumably caps the number of connections that may use this
# peer entry - confirm the exact meaning for this release.
max-connections 1000
#
# Only the ESP integrity algorithm is set. The ESP encryption algorithm and
# the encapsulation mode are left at the platform defaults.
# NOTE(review): check what the default encryption algorithm is on this
# release and configure it explicitly; older defaults are often weak.
ipsec proposal l2tp
esp authentication-algorithm sha1
#
# IKE-negotiated policy that ties together the traffic selector (acl 3000),
# the IKE peer and the proposal above.
ipsec policy l2tp 1 isakmp
security acl 3000
ike-peer l2tp
proposal l2tp
#
# PPP endpoint for L2TP sessions. PAP carries the user's password in cleartext
# inside PPP, so its confidentiality depends entirely on the IPsec layer;
# "ppp authentication-mode chap" avoids sending the password itself.
interface Virtual-Template1
ppp authentication-mode pap
ip address 192.168.253.16 255.255.255.0
remote address pool 1
#
# Aux port settings; nothing in the VPN configuration shown here refers to them.
interface Aux0
undo detect dsr-dtr
async mode flow
link-protocol ppp
#
# Interface holding the public address; the IPsec policy is applied here.
interface Ethernet0/0
ip address 202.99.96.68 255.255.255.0
ipsec policy l2tp
#
# Second interface; presumably the inside network - confirm.
interface Ethernet0/1
ip address 192.168.254.2 255.255.255.0
#
interface NULL0
#
# IPsec traffic selector: only UDP sent from this router's own address with
# source port 1701 (L2TP) is selected for protection; all other IP traffic is
# excluded from the policy.
# NOTE(review): this ACL only chooses what gets encrypted. Verify separately
# that L2TP arriving on Ethernet0/0 outside an IPsec SA is rejected, otherwise
# clients could connect with PAP and no encryption at all.
acl number 3000
rule 0 permit udp source 202.99.96.68 0 source-port eq 1701
rule 1 deny ip
#
# L2TP tunnel authentication is switched off, so the LNS relies on the IKE
# pre-shared key and the PPP login alone. No remote tunnel name is given on
# the "allow l2tp" line, so the group is not restricted to a named peer.
l2tp-group 1
undo tunnel authentication
mandatory-lcp
allow l2tp virtual-template 1
#
ip route-static 0.0.0.0 0.0.0.0 202.99.96.254 preference 60
#
user-interface con 0
user-interface aux 0
# Remote login lines protected by a single shared cleartext password, with no
# source restriction visible in this output. Use a strong "cipher" password
# and limit which addresses may reach the vty lines.
user-interface vty 0 4
set authentication password simple test
#
return