Huawei firewall L2TP *** configuration

                                           

Configure the interface and add the interface to the relevant area

[FW1-GigabitEthernet1/0/0]ip add 10.1.1.1 24

[FW1-GigabitEthernet1/0/1]ip add 192.168.0.254 24

[FW1]firewall zone untrust

[FW1-zone-untrust]add interface GigabitEthernet 1/0/1

[FW1]firewall zone trust

[FW1-zone-trust]add interface GigabitEthernet 1/0/0

Release related orders

[FW1-GigabitEthernet1/0/0]service-manage ping permit

[FW1-GigabitEthernet1/0/1]service-manage ping permit

Create L2TP *** template

[FW1]int Virtual-Template 0

[FW1-Virtual-Template0]ip add 10.1.2.1 24

[FW1-Virtual-Template0]ppp authentication-mode chap // Configure the identity authentication mode to CHAP

[FW1-Virtual-Template0]remote address 10.1.2.10

[FW1]firewall zone untrust

[FW1-zone-untrust]add interface Virtual-Template 0 // Add the virtual interface to the relevant zone

Enable L2TP service and set parameters

[FW1]l2tp enable // Enable L2TP

[FW1]l2tp-group 1 // Create L2TP group

[FW1-l2tp-1]tunnel name client // Configure the L2TP tunnel name

[FW1-l2tp-1]allow l2tp virtual-template 0 remote client // call L2TP virtual template

[FW1-l2tp-1]tunnel authentication // Configure tunnel authentication

[FW1-l2tp-1]tunnel password cipher ABCabc@123 // Configure tunnel authentication password

Create dial-up user

[FW1]user-manage user user001 

[FW1-localuser-user001]password ABCabc@1234

[FW1-localuser-user001]parent-group /default

Configure security policy

[FW1]security-policy

[FW1-policy-security-rule-l2tp1]source-zone trust

[FW1-policy-security-rule-l2tp1]destination-zone untrust

[FW1-policy-security-rule-l2tp1]source-address 10.1.1.0 24

[FW1-policy-security-rule-l2tp1]action permit

[FW1-policy-security]rule name l2tp2

[FW1-policy-security-rule-l2tp2]source-zone untrust

[FW1-policy-security-rule-l2tp2]destination-zone trust

[FW1-policy-security-rule-l2tp2]destination-address 10.1.1.0 24

[FW1-policy-security-rule-l2tp2]action permit

[FW1-policy-security]rule name l2tp3

[FW1-policy-security-rule-l2tp3]source-zone local untrust

[FW1-policy-security-rule-l2tp3]destination-zone local untrust

[FW1-policy-security-rule-l2tp3]service l2tp

[FW1-policy-security-rule-l2tp3]action permit