L2TP VPN is mainly a solution that lets mobile workers connect to the company's internal network. Let's walk through the configuration.

Topology:

[Image: topology diagram, 115529552.png]


Netscreen Configuration:

set int eth3 ip 200.1.1.2/24

set int eth3 manage

set route 0.0.0.0 0.0.0.0 int eth3 gateway 200.1.1.1


1. Define an address pool:
set ippool ruru 192.168.3.1 192.168.3.254
2. Modify the L2TP default settings:
set l2tp default dns1 220.189.127.106
set l2tp default dns2 220.189.127.107
set l2tp default ippool ruru
3. Define the L2TP tunnel:
set l2tp l2tp*** outgoing-interface eth3 keepalive 3600
set l2tp l2tp*** remote-setting ippool ruru
4. Define two internal test addresses:
set int lo.1 zone trust

set int lo.1 ip 192.168.1.1/24

set int lo.1 manage

set int lo.2 zone trust

set int lo.2 ip 192.168.2.1/24

set int lo.2 manage

5. Define the internal address book entries:
set address trust 192.168.1.0 192.168.1.0/24
set address trust 192.168.2.0 192.168.2.0/24
6. Define the L2TP user:
set user rujinfeng type l2tp
set user rujinfeng remote ippool ruru
set user rujinfeng password rujinfeng
set user rujinfeng enable
7. Define the policies:
set policy top from untrust to trust "Dial-Up VPN" 192.168.1.0 any tun l2tp l2tp***
set policy top from untrust to trust "Dial-Up VPN" 192.168.2.0 any tun l2tp l2tp***
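
The user in step 6 has a password identical to the user name, and the policies in step 7 use `tun l2tp` on its own, so the tunnel is plain L2TP, which does not encrypt traffic (ScreenOS also accepts a `tunnel vpn <name> l2tp <name>` policy form for L2TP over IPsec). The following script is an added example, not part of the original post: it checks a saved configuration for both conditions. The sample lines are constructed, and `alice`, `VPN1` and `TUNNEL1` are placeholder names.

```python
import shlex

# Constructed sample modelled on the configuration above. The user "alice",
# VPN1 and TUNNEL1 are placeholder names, not values from the page.
SAMPLE = """\
set user rujinfeng type l2tp
set user rujinfeng password rujinfeng
set user rujinfeng enable
set user alice type l2tp
set user alice password "S7#long-random-value"
set policy top from untrust to trust "Dial-Up VPN" 192.168.1.0 any tun l2tp TUNNEL1
set policy top from untrust to trust "Dial-Up VPN" 192.168.2.0 any tunnel vpn VPN1 l2tp TUNNEL1
"""

def is_tunnel_kw(tok):
    # ScreenOS accepts abbreviated keywords, e.g. "tun" for "tunnel".
    return len(tok) >= 3 and "tunnel".startswith(tok.lower())

def audit(config):
    """Return sorted (line_no, code, detail) findings for L2TP users and policies."""
    findings, l2tp_users, passwords = [], set(), {}
    for n, line in enumerate(config.splitlines(), 1):
        tok = shlex.split(line)
        if tok[:2] == ["set", "user"] and len(tok) >= 5:
            name, key, value = tok[2], tok[3], tok[4]
            if key == "type" and value == "l2tp":
                l2tp_users.add(name)
            elif key == "password":
                passwords[name] = (n, value)
        elif tok[:2] == ["set", "policy"]:
            for i, t in enumerate(tok[:-1]):
                # "tunnel l2tp X" carries no IPsec; "tunnel vpn V l2tp X" does.
                if is_tunnel_kw(t) and tok[i + 1].lower() == "l2tp":
                    tunnel = tok[i + 2] if i + 2 < len(tok) else ""
                    findings.append((n, "l2tp-no-ipsec", tunnel))
    for name in l2tp_users:
        if name in passwords:
            n, pw = passwords[name]
            # Flag passwords that are, or merely contain, the user name.
            if name.lower() in pw.lower():
                findings.append((n, "password-contains-username", name))
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```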



ISP:

int e0/0

ip add 200.1.1.1 255.255.255.0

no sh

int e0/1

ip add 200.1.2.1 255.255.255.0

no sh


Windows XP virtual machine configuration:

Setting the IP address and gateway is omitted here.

[Images: 120532455.png, 120600648.png, 120615258.png, 120632934.png, 120708243.png, 120720463.png]