L2TP Configuration and Troubleshooting
L2TP enable
ip pool l2tppool
section 0 172.16.1.1 172.16.1.100
aaa
service-scheme l2tp
ip-pool l2tppool
domain default
service-type l2tp
firewall zone trust
set priority 85
add interface GigabitEthernet1/0/0
#
firewall zone untrust
set priority 5
add interface GigabitEthernet0/0/0
security-policy
rule name L2TP
source-zone trust
destination-zone untrust
source-address 202.100.1.10 mask 255.255.255.255
service protocol icmp
service protocol udp destination-port 1701
action permit
l2tp-group 1
tunnel password cipher %$%$:u#|5wl"|G5mdEL9ut%.l@i[%$%$
allow l2tp virtual-template 1 remote client
interface Virtual-Template1
ppp authentication-mode chap
remote service-scheme l2tp
ip address 172.16.1.1 255.255.255.0
firewall zone dmz
set priority 50
add interface Virtual-Template1
user-manage user l2tp
password huawei
undo multi-ip online enable
L2TP troubleshooting:
1. The L2TP username and password must match the LNS.
2. L2TP tunnel authentication must match on both ends.
3. The number of L2TP clients must not exceed the size of the address pool.
4. The VT (Virtual-Template) interface must be added to a security zone.
5. Security policy: untrust --> local for UDP 1701, and DMZ <--> trust.
6. The tunnel name must match what is configured under the L2TP group.
dis l2tp tunnel
dis l2tp session
Check the logs on the L2TP client.
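As an added example (not part of the original note), a small Python checker that parses an unindented Huawei-style configuration like the one above and tests checklist items 3, 4 and 5 automatically: the pool size against the expected client count, whether every Virtual-Template referenced by the l2tp-group sits in a security zone, and whether the security policy permits untrust --> local UDP 1701 and traffic between the VT zone and trust. The SAMPLE_CONFIG input is the page's configuration re-typed and abridged; the FIXED_RULES snippet and its rule names are assumptions. Items 1, 2 and 6 depend on the LAC side and are not checked.

```python
import ipaddress

# Constructed input: the page's LNS configuration, abridged to the lines this checker reads.
SAMPLE_CONFIG = """\
l2tp enable
ip pool l2tppool
section 0 172.16.1.1 172.16.1.100
firewall zone trust
add interface GigabitEthernet1/0/0
firewall zone untrust
add interface GigabitEthernet0/0/0
security-policy
rule name L2TP
source-zone trust
destination-zone untrust
service protocol udp destination-port 1701
action permit
l2tp-group 1
allow l2tp virtual-template 1 remote client
firewall zone dmz
add interface Virtual-Template1
"""

# Constructed addition: the two permit rules checklist item 5 asks for (rule names assumed).
FIXED_RULES = """\
security-policy
rule name l2tp-tunnel
source-zone untrust
destination-zone local
service protocol udp destination-port 1701
action permit
rule name l2tp-clients
source-zone dmz
source-zone trust
destination-zone dmz
destination-zone trust
action permit
"""


def parse_config(text):
    """Line-by-line parser for the unindented Huawei-style config above."""
    cfg = {"pools": {}, "zone_of": {}, "rules": [], "vt_allowed": set()}
    ctx = cur = None
    for w in (line.split() for line in text.splitlines() if line.strip()):
        if w[:2] == ["ip", "pool"]:                       # top-level commands open a context
            ctx, cur = "pool", w[2]
        elif w[:2] == ["firewall", "zone"]:
            ctx, cur = "zone", w[2]
        elif w == ["security-policy"]:
            ctx, cur = "policy", None
        elif w[0] == "l2tp-group":
            ctx, cur = "l2tp-group", w[1]
        elif w[0] in ("l2tp", "aaa", "interface", "user-manage"):
            ctx, cur = None, None
        elif ctx == "pool" and w[0] == "section":         # section <id> <first-ip> <last-ip>
            size = int(ipaddress.ip_address(w[3])) - int(ipaddress.ip_address(w[2])) + 1
            cfg["pools"][cur] = cfg["pools"].get(cur, 0) + size
        elif ctx == "zone" and w[:2] == ["add", "interface"]:
            cfg["zone_of"][w[2]] = cur
        elif ctx == "policy" and w[:2] == ["rule", "name"]:
            cur = {"src": set(), "dst": set(), "svc": set(), "action": None}
            cfg["rules"].append(cur)
        elif ctx == "policy" and cur is not None:
            if w[0] == "source-zone":
                cur["src"].add(w[1])
            elif w[0] == "destination-zone":
                cur["dst"].add(w[1])
            elif w[:2] == ["service", "protocol"]:        # service protocol udp destination-port 1701
                cur["svc"].add((w[2], w[4] if len(w) > 4 else "any"))
            elif w[0] == "action":
                cur["action"] = w[1]
        elif ctx == "l2tp-group" and w[:3] == ["allow", "l2tp", "virtual-template"]:
            cfg["vt_allowed"].add("Virtual-Template" + w[3])
    return cfg


def rule_permits(rules, src, dst, svc=None):
    """True if a permit rule covers src -> dst (and the (proto, port) service, if given)."""
    for r in rules:
        if r["action"] != "permit" or src not in r["src"] or dst not in r["dst"]:
            continue
        if svc is None or not r["svc"] or svc in r["svc"] or (svc[0], "any") in r["svc"]:
            return True
    return False


def audit(config_text, expected_clients):
    """Checklist items 3-5 as (item, message) findings; an empty list means they passed."""
    cfg, findings = parse_config(config_text), []
    pool_size = sum(cfg["pools"].values())
    if pool_size < expected_clients:                      # item 3: pool must cover the clients
        findings.append((3, f"pool has {pool_size} addresses for {expected_clients} clients"))
    for vt in sorted(cfg["vt_allowed"]):
        zone = cfg["zone_of"].get(vt)
        if zone is None:                                  # item 4: VT must sit in a zone
            findings.append((4, f"{vt} is not in any security zone"))
        elif not (rule_permits(cfg["rules"], zone, "trust") and rule_permits(cfg["rules"], "trust", zone)):
            findings.append((5, f"no permit rule between {zone} and trust"))   # item 5: client traffic
    if not rule_permits(cfg["rules"], "untrust", "local", ("udp", "1701")):
        findings.append((5, "no permit rule untrust -> local for udp 1701"))  # item 5: tunnel setup
    return findings
```

Run against the abridged configuration, `audit(SAMPLE_CONFIG, 50)` reports two item-5 findings, because the only rule present is trust --> untrust; `audit(SAMPLE_CONFIG + FIXED_RULES, 50)` returns an empty list, and raising the expected client count above the 100-address pool produces an item-3 finding.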