
3Com Router User Manual

    of each VPN connection can be guaranteed. The maximum number of sessions 
    can be configured at either LNS or LAC, and the smaller one is valid.
    Perform the following configurations in system view.
    Table 685   Configure the Maximum Number of L2TP Sessions
    Operation                               Command
    Configure the maximum number of L2TP    l2tp session-limit session-number
    sessions at local
    Restore the maximum number of L2TP      undo l2tp session-limit
    sessions at local to default value
    By default, the maximum number of L2TP sessions is 1000.
    If a certain number of sessions already exist on the router, the system displays a message indicating misconfiguration if the l2tp session-limit command is used to configure a session-number smaller than the current one.
    Display and Debug L2TP
    Use the debugging and display commands in all views.
    Table 686   Display and Debug L2TP
    Operation                               Command
    Display the current L2TP tunnel         display l2tp tunnel
    information
    Display the current L2TP session        display l2tp session
    information
    Enable the debugging of L2TP            debugging l2tp { all | control | error | event | hidden | payload | time-stamp }
    L2TP Configuration Examples
    NAS-originated VPN Networking
    I. Networking requirements
    A user can access the Intranet of an enterprise through local dial-up access. The NAS authenticates the users to determine whether they are VPN users. The tunnel is used to transmit data between the NAS and the LNS.
    A user can have access to the LAN of a company through dialup. Both the LAC (NAS) and the LNS connect to the Internet through serial interfaces, and transmit data through the tunnel. The PC runs the Windows2000 operating system.
    The Async2 interface of the LAC and the PC are each connected to a modem, and the numbers are 5660046 and 5660040 respectively.
    						
    CHAPTER 43: CONFIGURING L2TP
    II. Networking diagram
    Figure 183   Networking diagram of NAS-originated VPN
    III. Configuration procedure
    1. Configuration at the LAC (NAS) side:
    a. Configure username and password (when dialing in Windows2000).
    [Router-LAC] local-user lac service-type ppp password simple lac
    b. Implement local AAA authentication on VPN user.
    [Router-LAC] aaa-enable
    [Router-LAC] aaa authentication-scheme ppp default local
    [Router-LAC] aaa accounting-scheme optional
    c. Configure the IP address of Serial1 interface of LAC.
    [Router-LAC] interface serial 1
    [Router-LAC-Serial1] ip address 192.167.0.2 255.255.255.0
    d. Enable L2TP service and configure a L2TP group.
    [Router-LAC] l2tp enable
    [Router-LAC] l2tp-group 1
    [Router-LAC-l2tp1] tunnel name lac-end
    [Router-LAC-l2tp1] start l2tp ip 192.167.0.1 fullusername lac
    e. Enable tunnel authentication and configure a tunnel authentication password.
    [Router-LAC-l2tp1] tunnel authentication
    [Router-LAC-l2tp1] tunnel password simple 3Com router
    f. Configure BDR dialup parameters.
    [Router-LAC] dialer-rule 1 ip permit
    [Router-LAC] interface async 2
    [Router-LAC-Async2] async mode protocol
    [Router-LAC-Async2] link-protocol ppp
    [Router-LAC-Async2] ppp authentication-mode chap
    [Router-LAC-Async2] dialer enable-legacy
    [Router-LAC-Async2] dialer-group 1
    2. Configuration at LNS side
    a. Configure username and password (they should be the same as those configured at LAC side)
    [Router-LNS] local-user lac service-type ppp password simple lac
    b. Define an address pool and assign an address for the dialup user.
    [Router-LNS] ip pool 1 192.168.0.3 192.168.0.100
    c. Implement local AAA authentication for the VPN user.
    [Router-LNS] aaa-enable
    [Router-LNS] aaa authentication-scheme ppp default local
    [Router-LNS] aaa accounting-scheme optional
    [Figure 183 diagram labels: VPN User, PSTN/ISDN, NAS, LAC, Async2, S1, Internet, tunnel, S0, LNS, Company headquarters]
    						
    d. Configure the IP address of Serial0 interface of LNS.
    [Router-LNS] interface serial 0
    [Router-LNS-Serial0] ip address 192.167.0.1 255.255.255.0
    e. Configure the Virtual-Template-related information.
    [Router-LNS] interface virtual-template 1
    [Router-LNS-Virtual-Template1] ip address 192.168.0.1 255.255.255.0
    [Router-LNS-Virtual-Template1] ppp authentication-mode chap
    [Router-LNS-Virtual-Template1] remote address pool 1
    f. Enable L2TP service and configure a L2TP group.
    [Router-LNS] l2tp enable
    [Router-LNS] l2tp-group 1
    [Router-LNS-l2tp1] tunnel name lns-end
    [Router-LNS-l2tp1] allow l2tp virtual-template 1 remote lac-end
    g. Enable tunnel authentication and configure a tunnel authentication password.
    [Router-LNS-l2tp1] tunnel authentication
    [Router-LNS-l2tp1] tunnel password simple 3Com router
    3. Configuration at the user side
    ■ Open [Start/Program/Accessories/Communication/Network Connection Wizard] on the PC running the Windows2000 operating system. Double click [New Connection] and choose “Dial-up to the Internet”.
    Figure 184   Network Connection Wizard
    ■ Click  and choose “I want to set up my Internet connection manually, or I want to connect through a local area network (LAN)” in the popup dialog box, as shown in the following figure.
    						
    Figure 185   Internet Connection Wizard (1)
    ■ Click  and input the telephone number at the NAS side in the popup dialog box (if it is a local telephone number, you should deselect “Use area code and dialing rules”), as shown in the following figure.
    						
    Figure 186   Internet Connection Wizard (2)
    ■ Click  and input username and password (such as the username lac and password lac) in the popup dialog box so as to access ISP. The input contents must be the same as the configuration at the NAS side, as shown in the following figure.
    						
    Figure 187   Internet Connection Wizard (3)
    ■ Click  and input the name of dialup connection (such as “Connection to 660046”) in the popup dialog box, as shown in the following figure.
    Figure 188   Internet Connection Wizard (4) 
    						
    ■ Click  and deselect “To connect to the Internet immediately, select this box and then click Finish” in the popup dialog box, as shown in the following figure.
    Figure 189   Internet Connection Wizard (5)
    ■ Click  and double click the “Connection to 66046” icon; after inputting the username and password, you can dial up to access the NAS. On receiving the call, the NAS establishes a tunnel and session to the LNS, as shown in the following figure. The input username and password must be the same as those configured at the LAC and LNS sides.
    						
    Figure 190   Connect to “Connection to 66046”
    To determine the IP address assigned to your computer by the LNS, use the 
    DOS-based command ipconfig.
    Client-originated VPN Networking
    I. Networking requirements
    After connecting to the Internet, the VPN user originates a request to establish a tunnel. On receiving the request, the LNS establishes a tunnel with the VPN user, so as to transmit data between the user and the company headquarters.
    LAC (NAS) and LNS are connected to a 3Com router. They connect to the Internet through serial interfaces and transmit data through the tunnel. The PC named win2000 is installed with Windows2000. The Async2 interface and the PC are each connected to a modem, and the numbers are 660046 and 600040 respectively.
    II. Networking diagram
    Figure 191   Networking diagram of client-originated VPN
    III. Configuration procedure
    1. Configuration at the LAC (NAS) side
    a. Configure the username and password (when dialing up in Windows2000)
    [Router-LAC] local-user lac service-type ppp password simple lac
    b. Configure address pool, and assign Internet address for the user.
    [Router-LAC] ip pool 1 192.170.0.3 192.170.0.100
    [Figure 191 diagram labels: VPN user, PSTN, NAS, LAC, Internet, Tunnel, LNS, Router, Company headquarters]
    						
    c. Configure the IP address of Serial1 interface at LAC side.
    [Router-LAC] interface serial 1
    [Router-LAC-Serial1] ip address 192.167.0.2 255.255.255.0
    d. Configure BDR parameters.
    [Router-LAC] dialer-rule 1 ip permit
    [Router-LAC] interface async 2
    [Router-LAC-Async2] async mode protocol
    [Router-LAC-Async2] link-protocol ppp
    [Router-LAC-Async2] ip address 192.170.0.1 255.255.255.0
    [Router-LAC-Async2] ppp authentication-mode chap
    [Router-LAC-Async2] remote address pool 1
    [Router-LAC-Async2] dialer enable-legacy
    [Router-LAC-Async2] dialer-group 1
    2. Configuration at the LNS side
    a. Configure the username and password (when establishing VPN connection in Windows2000).
    [Router-LNS] local-user lns_user service-type ppp password simple lns
    b. Define an address pool and assign a VPN address for the dialup user.
    [Router-LNS] ip pool 1 192.168.0.3 192.168.0.100
    c. Implement local AAA authentication on VPN user.
    [Router-LNS] aaa-enable
    [Router-LNS] aaa authentication-scheme ppp default local
    [Router-LNS] aaa accounting-scheme optional
    d. Configure the IP address of Serial0 interface at LNS side.
    [Router-LNS] interface serial 0
    [Router-LNS-Serial0] ip address 192.167.0.1 255.255.255.0
    e. Enable L2TP service and configure a L2TP group.
    [Router-LNS] l2tp enable
    [Router-LNS] l2tp-group 1
    [Router-LNS-l2tp1] tunnel name lns-end
    [Router-LNS-l2tp1] allow l2tp virtual-template 1 remote win2000
    f. Configure the Virtual-Template-related information.
    [Router-LNS] interface virtual-template 1
    [Router-LNS-Virtual-Template1] ip address 192.168.0.1 255.255.255.0
    [Router-LNS-Virtual-Template1] ppp authentication-mode chap
    [Router-LNS-Virtual-Template1] remote address pool 1
    g. Disable tunnel authentication.
    [Router-LNS-l2tp1] undo tunnel authentication
    h. Configure the route to Windows2000.
    [Router-LNS] ip route-static 192.170.0.0 255.255.255.0 192.167.0.2
    3. Configuration at the user side
    ■ By default, IPSec is enabled in the Windows2000 operating system, so IPSec should be disabled after the VPN request is originated. Execute the regedit command in CLI mode; the [Registry Editor] dialog box will pop up.
    						
    ■ Search for HKEY_LOCAL_MACHINE, System, CurrentControlSet, Services, Rasman and Parameters level by level in the registry tree on the left. Click , and click in the blank space in the right window. Choose {Create/Double byte value} and create a registry value (name: ProhibitIPSec, value: 1), then restart Windows2000. With ProhibitIPSec set to 1, Windows2000 does not create its automatic IPSec policy for L2TP connections, so the L2TP traffic is not protected by IPSec unless an IPSec policy is configured separately.
    ■ Create a dialup connection and a VPN connection in the Windows2000 operating system. The way to create a dialup connection is the same as that introduced in the example of “NAS-originated VPN Networking”.
    ■ To create a VPN connection, open [Start/Program/Accessories/Network and Dialup Connection], click [New Connection], and then choose “Connect to a private network through the Internet” as the “Connection Type”, as shown in the following figure.
    Figure 192   Network Connection Wizard (1)
    ■ Click , choose “Automatic dial this initial connection”, and select “Connection to 660046”, as shown in the following figure:
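
    The LNS settings in the two configuration examples above differ in ways that matter for authentication, and a command listing can be checked for them mechanically. The Python below is an added example, not part of the 3Com manual: it flags passwords entered with the simple keyword, a password equal to its username, disabled tunnel authentication, and an L2TP virtual template without a PPP authentication mode. The function name audit, the finding labels, and the second sample (with its PPP authentication line left out on purpose) are assumptions of this example.

```python
import re

# Constructed input: LNS commands from the client-originated example above.
CLIENT_ORIGINATED_LNS = """\
[Router-LNS] local-user lns_user service-type ppp password simple lns
[Router-LNS-l2tp1] allow l2tp virtual-template 1 remote win2000
[Router-LNS-Virtual-Template1] ppp authentication-mode chap
[Router-LNS-l2tp1] undo tunnel authentication
"""
# Constructed input: NAS-originated LNS commands with the template's
# "ppp authentication-mode chap" line left out on purpose.
NAS_ORIGINATED_LNS_NO_PPP_AUTH = """\
[Router-LNS] local-user lac service-type ppp password simple lac
[Router-LNS-l2tp1] allow l2tp virtual-template 1 remote lac-end
[Router-LNS-l2tp1] tunnel authentication
[Router-LNS-l2tp1] tunnel password simple 3Com router
[Router-LNS-Virtual-Template1] ip address 192.168.0.1 255.255.255.0
"""

LINE = re.compile(r"^\[([^\]]+)\]\s*(.+?)\s*$")  # "[view] command"
USER = re.compile(r"^local-user (\S+) .*\bpassword simple (\S+)$")
ALLOW = re.compile(r"^allow l2tp virtual-template (\d+)\b")

def audit(config):
    """Return sorted findings (labels are this example's own) for a listing."""
    findings, templates, ppp_auth_views = set(), set(), set()
    for raw in config.splitlines():
        if not (m := LINE.match(raw.strip())):
            continue
        view, cmd = m.groups()
        if (u := USER.match(cmd)):
            findings.add(f"simple-user-password:{u[1]}")
            if u[1] == u[2]:
                findings.add(f"password-equals-username:{u[1]}")
        elif (a := ALLOW.match(cmd)):
            templates.add(a[1])
        elif cmd.startswith("ppp authentication-mode "):
            ppp_auth_views.add(view)
        elif cmd == "undo tunnel authentication":
            findings.add(f"tunnel-auth-disabled:{view}")
        elif cmd.startswith("tunnel password simple "):
            findings.add(f"simple-tunnel-password:{view}")
    for n in templates:  # a template that accepts L2TP sessions needs PPP auth
        if not any(v.endswith(f"Virtual-Template{n}") for v in ppp_auth_views):
            findings.add(f"no-ppp-auth:virtual-template{n}")
    return sorted(findings)

if __name__ == "__main__":
    print(audit(CLIENT_ORIGINATED_LNS), audit(NAS_ORIGINATED_LNS_NO_PPP_AUTH))
```

    In the client-originated listing tunnel authentication is disabled, so the CHAP setting on the virtual template is the only authentication the LNS applies to the session.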
    						