H3C l2tp ***设置，win7客户端拨号设置

<H3C>dis curr

l2tp enable

zone name Trust id 2

priority 85    

import interface GigabitEthernet0/2

zone name Untrust id 4

priority 5    

import interface GigabitEthernet0/1

zone name ××× id 5

priority 10    

import interface Virtual-Template0

interzone source Trust destination ×××

interzone source Untrust destination Trust

 rule 0 permit

  comment 2    

  source-ip any_address

  destination-ip 192.168.10.100/0.0.0.0

  service any_service

  rule enable  

interzone source ××× destination Management

interzone source ××× destination Trust

 rule 0 permit

  source-ip any_address

  destination-ip any_address

  service any_service

  rule enable  

interzone source ××× destination Untrust

 rule 0 deny  

  source-ip any_address

  destination-ip any_address

  service any_service

  rule enable  

#              

domain system  

authentication ppp local

access-limit disable

state active  

idle-cut disable

self-service-url disable

ip pool 1 172.16.0.240 172.16.0.250

#              

user-group system

group-attribute allow-guest

#              

local-user user_***

password cipher $c$3$65336fxFQv0VjcjI23569SvGaIeadg8=

service-type ppp

l2tp-group 1    

undo tunnel authentication

allow l2tp virtual-template 0

#              

interface Virtual-Template0

ppp authentication-mode chap domain system

remote address pool 1

ip address 172.16.0.254 255.255.255.0

#              

interface NULL0

#              

return

win7客户端建好***连接，取消使用远程网关，选择l2tp/ipsec验证，修改注册表：

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RasMan\Parameters]

新建dword项 ProhibitIpSec  将值设为1

或直接下载附件导入

转载于:https://blog.51cto.com/dnuser/1265155