ESR Series Routers Operation Manual 81
esr(config)# object-group network pptp_dns
esr(config-object-group-network)# ip address-range 8.8.8.8
esr(config-object-group-network)# ip address-range 8.8.4.4
esr(config-object-group-network)# exit
Create L2TP server and map profiles listed above to it:
esr(config)# remote-access l2tp remote-workers
esr(config-l2tp)# local-address ip-address 10.10.10.1
esr(config-l2tp)# remote-address address-range 10.10.10.5-10.10.10.15
esr(config-l2tp)# outside-address ip-address 120.11.5.1
esr(config-l2tp)# dns-server object-group l2tp_dns
Select authentication method for L2TP server users:
esr(config-l2tp)# authentication mode radius
Specify security zone that user sessions will be related to:
esr(config-l2tp)# security-zone VPN
Specify authentication method for IKE phase 1 and define an authentication key.
esr(config-l2tp)# ipsec authentication method psk
esr(config-l2tp)# ipsec authentication pre-shared-key ascii-text password
Enable L2TP server:
esr(config-l2tp)# enable
When a new configuration is applied, the router will listen to IP address 120.11.5.1 and port 1701.
To view L2TP server session status, use the following command:
esr# show remote-access status l2tp server remote-workers
To view L2TP server session counters, use the following command:
esr# show remote-access counters l2tp server remote-workers
To clear L2TP server session counters, use the following command:
esr# clear remote-access counters l2tp server remote-workers
To end L2TP server session for user 'fedor', use one of the following commands:
esr# clear remote-access session l2tp username fedor
esr# clear remote-access session l2tp server remote-workers username fedor
To view L2TP server configuration, use the following command:
esr# show remote-access configuration l2tp remote-workers
To Next Page
Loading...
