Create address profile that contains local gateway address:
esr(config)# object-group network l2tp_local
esr(config-object-group-network)# ip address-range 10.10.10.1
esr(config-object-group-network)# exit
Create address profile that contains DNS servers:
esr(config)# object-group network pptp_dns
esr(config-object-group-network)# ip address-range 8.8.8.8
esr(config-object-group-network)# ip address-range 8.8.4.4
esr(config-object-group-network)# exit
Create L2TP server and map profiles listed above:
esr(config)# remote-access l2tp remote-workers
esr(config-l2tp)# local-address ip-address 10.10.10.1
esr(config-l2tp)# remote-address address-range 10.10.10.5-10.10.10.15
esr(config-l2tp)# outside-address ip-address 120.11.5.1
esr(config-l2tp)# dns-server object-group l2tp_dns
Select authentication method for L2TP server users:
esr(config-l2tp)# authentication mode radius
Specify security zone that user sessions will be related to:
esr(config-l2tp)# security-zone VPN
Specify authentication method for IKE phase 1 and define an authentication key.
esr(config-l2tp)# ipsec authentication method psk
esr(config-l2tp)# ipsec authentication pre-shared-key ascii-text password
Enable L2TP server:
When a new configuration is applied, the router will listen to IP address 120.11.5.1 and port 1701. To view
L2TP server session status, use the following command:
esr# show remote-access status l2tp server remote-workers
To view L2TP server session counters, use the following command:
esr# show remote-access counters l2tp server remote-workers
To Next Page
Loading...
