放开安全策略机制,FW1不配IP
[FW1]firewall zone trust
[FW1-zone-trust]add interface GigabitEthernet 1/0/0
[FW1]security-policy
[FW1-policy-security]default action permit FW2 和FW3
[FW2]interface g1/0/1
[FW2-GigabitEthernet1/0/1]ip address 20.1.1.1 24
[FW2]firewall zone trust
[FW2-zone-trust]add interface GigabitEthernet 1/0/0
[FW2]firewall zone untrust
[FW2-zone-untrust]add interface GigabitEthernet 1/0/1
[FW3]in g1/0/0
[FW3-GigabitEthernet1/0/0]ip address 20.1.1.2 24
[FW3]interface g1/0/1
[FW3-GigabitEthernet1/0/1]ip address 192.168.1.254 24
[FW3]firewall zone untrust
[FW3-zone-untrust]add interface GigabitEthernet 1/0/0
[FW3]firewall zone trust
[FW3-zone-trust]add interface GigabitEthernet 1/0/1建立pppoe连接,设定拨号接口
client
[client]interface Dialer 1
[client-Dialer1]dialer user user1
[client-Dialer1]dialer-group 1
[client-Dialer1]dialer bundle 1
[client-Dialer1]ip address ppp-negotiate
[client-Dialer1]ppp chap user user1
[client-Dialer1]ppp chap password cipher passwd123
[client]dialer-rule 1 ip permit
[client]interface g1/0/0
[client-GigabitEthernet1/0/0]pppoe-client dial-bundle-number 1]server
[server]interface Virtual-Template 1
[server-Virtual-Template1]ppp authentication-mode chap
The command is used to configure the PPP authentication mode on the local end.
Confirm that the peer end adopts the corresponding PPP authentication. Continue[
Y/N]:y
[server-Virtual-Template1]ip address 2.2.2.2 24
[server]interface g1/0/0
[server-GigabitEthernet1/0/0]pppoe-server bind virtual-template 1
[server]interface g1/0/0
[server-GigabitEthernet1/0/0]pppoe-server bind virtual-template 1
[server]aaa
[server-aaa]domain default
[server-aaa-domain-default]service-type l2tp
[server]user-manage user user1 domain default
[server-localuser-user1]password Passwd123建立L2tp隧道
1.LAC配置
[server]l2tp enable
[server]l2tp-group 1
[server-l2tp-1]tunnel authentication
[server-l2tp-1]tunnel password cipher Hello123
[server-l2tp-1]tunnel name lac
[server-l2tp-1]start l2tp ip 20.1.1.2 fullusername user1LNS配置
[LNS]ip pool l2tp
[LNS-ip-pool-l2tp]section 0 172.16.0.2 172.16.0.100
[LNS]aaa
[LNS-aaa]service-scheme l2tp
[LNS-aaa-service-l2tp]ip-pool l2tp
[LNS-aaa-domain-default]service-type l2tp
[LNS]user-manage user user1 domain default
[LNS-localuser-user1]password Passwd123
[LNS]interface Virtual-Template 1
[LNS-Virtual-Template1]ppp authentication-mode chap
The command is used to configure the PPP authentication mode on the local end.
Confirm that the peer end adopts the corresponding PPP authentication. Continue[
Y/N]:y
[LNS]interface Virtual-Template 1
[LNS-Virtual-Template1]ip address 172.16.0.1 24
[LNS-Virtual-Template1]remote service-scheme l2tp
[LNS]firewall zone dmz
[LNS-zone-dmz]add interface Virtual-Template 1
[LNS]l2tp enable
[LNS]l2tp-group 1
[LNS-l2tp-1]allow l2tp virtual-template 1 remote lac domain de
[LNS-l2tp-1]tunnel authentication
[LNS-l2tp-1]tunnel password cipher Hello123
[LNS]l2tp-group 1
[LNS-l2tp-1]mandatory-chap