01-05 Implementing WAN Interconnection Through VPN

Huawei
AR100&AR120&AR150&AR160&AR200&AR1200&AR
2200&AR3200&AR3600 Series Enterprise Routers
Web-based Configuration Examples 5 Implementing WAN Interconnection Through VPN
5 Implementing WAN Interconnection

Through VPN
About This Chapter
5.1 Example for Configuring IPSec VPN

5.2 L2TP
5.1 Example for Configuring IPSec VPN

Applicable Products
This example applies to routers of all versions and models.
Networking Requirements
As shown in Figure 5-1, Router_1 is the gateway of an enterprise branch, and Router_2 is the
gateway of the headquarters. Router_1 and Router_2 communicate over the public network.
The enterprise wants to protect traffic transmitted over the public network between the
enterprise branch and headquarters. An IPSec tunnel can be established between the branch
gateway and headquarters gateway to protect data transmitted between them.
Issue 06 (2018-11-30) Copyright © Huawei Technologies Co., Ltd. 46

Huawei
AR100&AR120&AR150&AR160&AR200&AR1200&AR
Figure 5-1 IPSec VPN networking
Router_1 GE0/01 GE0/0/1 Router_2

Branch 1.1.1.1/24 1.1.2.1/24 Headquarters
Internet
gateway gateway
GE0/0/2 GE0/0/2
10.1.1.1/24 10.1.2.1/24
IPSec tunnel
PC_1 PC_2
10.1.1.2/24 10.1.2.2/24
Branch Headquarters
Procedure
Step 1 Configure IP addresses for interfaces of Router_1. The configuration of Router_2 is similar to
that of Router_1, and is not mentioned here.
1. Choose WAN Access > Ethernet Interface to access the Ethernet Interface page, as
shown in Figure 5-2.
Figure 5-2 Ethernet Interface page
2. In Ethernet Interface List, click next to an Ethernet interface to be configured. On

the pages shown in Figure 5-3, configure GE0/0/1 and GE0/0/2.

Huawei
AR100&AR120&AR150&AR160&AR200&AR1200&AR
Figure 5-3 Modify Ethernet Interface page

Huawei
AR100&AR120&AR150&AR160&AR200&AR1200&AR
Step 2 Configure a static route for Router_1. The configuration of Router_2 is similar to that of
Router_1, and is not mentioned here.
1. Choose IP Service > Route > Static Route Configuration to access the Static Route
Configuration page, as shown in Figure 5-4.
Figure 5-4 Static Route Configuration page

Huawei
AR100&AR120&AR150&AR160&AR200&AR1200&AR
2. In IPv4 Static Route Configuration Table, click Create. On the pages shown in Figure
5-5, configure two static routes.
Figure 5-5 Create IPv4 Static Route Service page
Step 3 Configure IPSec on Router_1. The configuration of Router_2 is similar to that of Router_1,
and is not mentioned here.
1. Choose Configuration Wizard > IPSec VPN Configuration Wizard, as shown in
Figure 5-6.
Select Site-to-Site and click Next.

Huawei
AR100&AR120&AR150&AR160&AR200&AR1200&AR
Figure 5-6 IPSec VPN Configuration Wizard page
2. Configure the interface to which the IPSec policy is to be applied and the peer device
address and click Next, as shown in Figure 5-7.
Figure 5-7 Configure Network page

Huawei
AR100&AR120&AR150&AR160&AR200&AR1200&AR
3. Enter the source IP address, destination IP address, and wildcard of source and
destination IP addresses based on protected data flows, and click Add. Then click Next,
as shown in Figure 5-8.
Figure 5-8 Define Protected Data Flow page
4. Configure the pre-shared key, IKE parameters, and IPSec parameters. The configurations
on both ends must be the same. Then click Next, as shown in Figure 5-9.
Figure 5-9 Configure Encryption and Authentication page

Huawei
AR100&AR120&AR150&AR160&AR200&AR1200&AR
5. Check detailed information about the configured IPSec VPN. Click Finish. The IPSec
VPN configuration is complete., as shown in Figure 5-10
Figure 5-10 Confirm Settings page
Step 4 Verify the configuration.
# PC_1 and PC_2 can ping each other successfully. If you run the display ipsec statistics esp
command on the router, you can find that the count of encapsulated and decapsulated packets
is not 0.
----End
Configuration Notes
l ACLs configured on devices in the headquarters and branch must mirror each other.
l There must be reachable routes between the headquarters and branch.
5.2 L2TP
5.2.1 Example for Configuring a PC to Dial Up to a Router

Through L2TP
Applicable Products
This example applies to all AR models of V200R002C00 and later versions.

Huawei
AR100&AR120&AR150&AR160&AR200&AR1200&AR
Networking Requirements
As shown in Figure 5-11, the geographical positions of employees on a business trip often
change. However, they need to communicate with the headquarters and access the internal
resources in the headquarters at any time. L2TP can be deployed to allow the traveling
employees to dial up to access the headquarters network. In this way, the headquarters
gateway can identify and manage the access users. A PC running the Windows 7 operating
system is used in this example.
Figure 5-11 Configuring a PC to dial up to a router through L2TP
10.1.2.2/24
Mobile user
PC2
(L2TP dialing
software) LNS Enterprise
GE0/0/1
1.1.1.1/24 headquarters
Internet
PC1 1.1.2.1/24 VT1
10.1.1.1/24
PC3
L2TP encapsulation
Procedure
Step 1 Configure the LNS.
1. Configure an IP address for the interface.
a. Choose WAN Access > Ethernet Interface to access the Ethernet Interface page,
as shown in Figure 5-12.
Figure 5-12 Ethernet Interface page

Huawei
AR100&AR120&AR150&AR160&AR200&AR1200&AR
b. In Ethernet Interface List, click next to an Ethernet interface to be

configured. The Modify Ethernet Interface page shown in Figure 5-13 is
displayed.
Figure 5-13 Modify Ethernet Interface page
2. Configure a static route.

a. Choose IP Service > Route > Static Route Configuration to access the Static
Route Configuration page, as shown in Figure 5-14.

Huawei
AR100&AR120&AR150&AR160&AR200&AR1200&AR
Figure 5-14 Static Route Configuration page
b. In IPv4 Static Route Configuration Table, click Create. The Create IPv4 Static
Route Service page shown in Figure 5-15 is displayed.
Figure 5-15 Create IPv4 Static Route Service page
3. Configure the user name and password.

a. Choose User Management > User Management. The User Management page
shown in Figure 5-16 is displayed.

Huawei
AR100&AR120&AR150&AR160&AR200&AR1200&AR
Figure 5-16 User Management page
b. Click Create. The Create User page shown in Figure 5-17 is displayed.
Figure 5-17 Create User page
4. Configure the L2TP function.

a. Choose VPN > L2TP VPN > L2TP Server to access the L2TP Server page, as
shown in Figure 5-18.

Huawei
AR100&AR120&AR150&AR160&AR200&AR1200&AR
Figure 5-18 L2TP Server page
b. In Global Settings, select Enabled and click Apply.

c. Click Create under Server List. The Create L2TP Server page shown in Figure
5-19 is displayed.
Figure 5-19 Create L2TP Server page
Step 2 Configure the Windows 7 operating system.

1. Modify the Windows registry and disable the digital certificate authentication function.
Choose Start > Run, enter regedit, and find the HKEY_LOCAL_MACHINE
\SYSTEM\CurrentControlSet\services\RasMan\Parameters directory. Right-click

Huawei
AR100&AR120&AR150&AR160&AR200&AR1200&AR
Parameters and choose Create. In the dialog box that is displayed, click DWORD (32
bit) Value. In the dialog box that is displayed, set Value name to ProhibitIpSec and
Value data to 1. Restart the PC after modification is complete.
2. Create an L2TP network connection.

a. Open Network and Sharing Center, click Set Up a Connection or Network,
select Connect to a workplace, and click Next.

Huawei
AR100&AR120&AR150&AR160&AR200&AR1200&AR
b. Click Use my Internet connection (VPN).

Huawei
AR100&AR120&AR150&AR160&AR200&AR1200&AR
c. Set Internet address to 1.1.1.1 (the IP address of the LNS) and Destination name
such as L2TP. The destination name is used as the network connection name.
Select Don't connect now; just set it up so I can connect later and then click
Next.

Huawei
AR100&AR120&AR150&AR160&AR200&AR1200&AR
d. Set User name and Password to huawei and Huawei@1234 respectively, and
click Create.
NOTE
You do not need to set a value for Domain.

Huawei
AR100&AR120&AR150&AR160&AR200&AR1200&AR
e. Click Close.

Huawei
AR100&AR120&AR150&AR160&AR200&AR1200&AR
3. Configure authentication parameters for the L2TP connection.

a. Open Network and Sharing Center and click Connect to a network. L2TP that
is created is displayed. Right-click L2TP and choose L2TP Properties to configure
parameters for the connection.
The parameters on the General tab page do not need to be modified.

Huawei
AR100&AR120&AR150&AR160&AR200&AR1200&AR
b. Click the Options tab page and select the following items.
NOTE
You can also click PPP Settings on the page and remain other options unchanged.

Huawei
AR100&AR120&AR150&AR160&AR200&AR1200&AR
c. Click the Security tab page, retain the default setting for Type of VPN or set it to
Layer 2 Tunneling Protocol with IPsec (L2TP/IPSec).
Select the following items under Allow these protocols.
NOTE
If you click Advanced settings on the tab page, the IPSec Settings page is displayed for
you to set a pre-shared key for authentication. Do not set a pre-shared key here.

Huawei
AR100&AR120&AR150&AR160&AR200&AR1200&AR
The Networking and Sharing tab pages do not need to be modified.

d. Open Network and Sharing Center and click Connect to a network. L2TP that
is created is displayed. Double-click L2TP, enter the user name and password, and
click Connect.

Huawei
AR100&AR120&AR150&AR160&AR200&AR1200&AR
Step 3 Verify the configuration.

# After the configurations are complete, PC1 obtains a private network address 10.1.1.254 for
the L2TP connection, and PC1 can communicate with the PC in the headquarters and access
the external network resources.
----End
Configuration Notes
l When you configure an L2TP group, tunnel authentication is not supported because
employees access the network using PCs.
l If employees need to access external networks, add their network segments to ACLs and
use NAT to translate their addresses.
l To enable employees to access external network resources using the domain names, you
need to configure the DNS server IP address that the LNS specifies for the peer device in
the VT interface template.

01-05 Implementing WAN Interconnection Through VPN

Загружено:

Сведения о документе

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Авторское право:

Доступные форматы

01-05 Implementing WAN Interconnection Through VPN

Загружено:

Авторское право:

Доступные форматы

Huawei

5 Implementing WAN Interconnection

About This Chapter

5.1 Example for Configuring IPSec VPN

5.1 Example for Configuring IPSec VPN

Issue 06 (2018-11-30) Copyright © Huawei Technologies Co., Ltd. 46

Figure 5-1 IPSec VPN networking

Router_1 GE0/01 GE0/0/1 Router_2

Figure 5-2 Ethernet Interface page

2. In Ethernet Interface List, click next to an Ethernet interface to be configured. On

Issue 06 (2018-11-30) Copyright © Huawei Technologies Co., Ltd. 47

Figure 5-3 Modify Ethernet Interface page

Issue 06 (2018-11-30) Copyright © Huawei Technologies Co., Ltd. 48

Figure 5-4 Static Route Configuration page

Issue 06 (2018-11-30) Copyright © Huawei Technologies Co., Ltd. 49

Figure 5-5 Create IPv4 Static Route Service page

Issue 06 (2018-11-30) Copyright © Huawei Technologies Co., Ltd. 50

Figure 5-6 IPSec VPN Configuration Wizard page

Figure 5-7 Configure Network page

Issue 06 (2018-11-30) Copyright © Huawei Technologies Co., Ltd. 51

Figure 5-8 Define Protected Data Flow page

Figure 5-9 Configure Encryption and Authentication page

Issue 06 (2018-11-30) Copyright © Huawei Technologies Co., Ltd. 52

Figure 5-10 Confirm Settings page

Step 4 Verify the configuration.

5.2.1 Example for Configuring a PC to Dial Up to a Router

Issue 06 (2018-11-30) Copyright © Huawei Technologies Co., Ltd. 53

Figure 5-11 Configuring a PC to dial up to a router through L2TP

Figure 5-12 Ethernet Interface page

Issue 06 (2018-11-30) Copyright © Huawei Technologies Co., Ltd. 54

b. In Ethernet Interface List, click next to an Ethernet interface to be

Figure 5-13 Modify Ethernet Interface page

2. Configure a static route.

Issue 06 (2018-11-30) Copyright © Huawei Technologies Co., Ltd. 55

Figure 5-14 Static Route Configuration page

Figure 5-15 Create IPv4 Static Route Service page

3. Configure the user name and password.

Issue 06 (2018-11-30) Copyright © Huawei Technologies Co., Ltd. 56

Figure 5-16 User Management page

Figure 5-17 Create User page

4. Configure the L2TP function.

Issue 06 (2018-11-30) Copyright © Huawei Technologies Co., Ltd. 57

Figure 5-18 L2TP Server page

b. In Global Settings, select Enabled and click Apply.

Figure 5-19 Create L2TP Server page

Step 2 Configure the Windows 7 operating system.

Issue 06 (2018-11-30) Copyright © Huawei Technologies Co., Ltd. 58

2. Create an L2TP network connection.

Issue 06 (2018-11-30) Copyright © Huawei Technologies Co., Ltd. 59

b. Click Use my Internet connection (VPN).

Issue 06 (2018-11-30) Copyright © Huawei Technologies Co., Ltd. 60

Issue 06 (2018-11-30) Copyright © Huawei Technologies Co., Ltd. 61

You do not need to set a value for Domain.

Issue 06 (2018-11-30) Copyright © Huawei Technologies Co., Ltd. 62

Issue 06 (2018-11-30) Copyright © Huawei Technologies Co., Ltd. 63

3. Configure authentication parameters for the L2TP connection.

Issue 06 (2018-11-30) Copyright © Huawei Technologies Co., Ltd. 64

Issue 06 (2018-11-30) Copyright © Huawei Technologies Co., Ltd. 65

Issue 06 (2018-11-30) Copyright © Huawei Technologies Co., Ltd. 66

The Networking and Sharing tab pages do not need to be modified.

Issue 06 (2018-11-30) Copyright © Huawei Technologies Co., Ltd. 67

Step 3 Verify the configuration.

Issue 06 (2018-11-30) Copyright © Huawei Technologies Co., Ltd. 68

Вам также может понравиться