<H3C>dis curr
l2tp enable
zone name Trust id 2
priority 85
import interface GigabitEthernet0/2
zone name Untrust id 4
priority 5
import interface GigabitEthernet0/1
zone name ××× id 5
priority 10
import interface Virtual-Template0
interzone source Trust destination ×××
interzone source Untrust destination Trust
rule 0 permit
comment 2
source-ip any_address
destination-ip 192.168.10.100/0.0.0.0
service any_service
rule enable
interzone source ××× destination Management
interzone source ××× destination Trust
rule 0 permit
source-ip any_address
destination-ip any_address
service any_service
rule enable
interzone source ××× destination Untrust
rule 0 deny
source-ip any_address
destination-ip any_address
service any_service
rule enable
#
domain system
authentication ppp local
access-limit disable
state active
idle-cut disable
self-service-url disable
ip pool 1 172.16.0.240 172.16.0.250
#
user-group system
group-attribute allow-guest
#
local-user user_***
password cipher $c$3$65336fxFQv0VjcjI23569SvGaIeadg8=
service-type ppp
l2tp-group 1
undo tunnel authentication
allow l2tp virtual-template 0
#
interface Virtual-Template0
ppp authentication-mode chap domain system
remote address pool 1
ip address 172.16.0.254 255.255.255.0
#
interface NULL0
#
return
win7客户端建好***连接,取消使用远程网关,选择l2tp/ipsec验证,修改注册表:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RasMan\Parameters]
新建dword项 ProhibitIpSec 将值设为1
或直接下载附件导入
转载于:https://blog.51cto.com/dnuser/1265155