Allied Telesis AR440S Network Card User Manual


 
Page 19 | AlliedWare™ OS How To Note: VPNs for Corporate Networks
branch office 1
7. Configure dynamic PPP over L2TP connections
You need to configure dynamic PPP over L2TP to accept incoming Windows VPN client connections.
Create an IP pool to allocate unique internal payload addresses to incoming VPN clients.
create ip pool=roaming ip=192.168.144.1-192.168.144.50
Define a PPP template. This defines authentication and uses the IP pool of addresses.
create ppp template=1
set ppp template=1 bap=off ippool=roaming authentication=chap echo=10 lqr=off
Configure L2TP. When the router successfully negotiates an L2TP tunnel connection from any remote peer, it then creates a PPP interface over that tunnel, using the PPP parameters defined by the PPP template.
enable l2tp
enable l2tp server=both
add l2tp ip=1.1.1.1-255.255.255.254 ppptemplate=1
Add your approved roaming VPN client usernames.
add user=roaming2 pass=roaming2 lo=no telnet=no
If desired, you can instead use a RADIUS authentication server.
add radius server=<radius-server-address> secret=<secret-key>

8. Check feature licences
Check that you have a 3DES feature licence for the ISAKMP policies.
show feature
You can purchase feature licences from your Allied Telesis distributor.
If necessary, install the licence, using the password provided by your distributor.
enable feature=3des pass=<licence-number>

9. Configure the VPNs for connecting to headquarters and roaming clients
Enable IPsec.
enable ipsec
In this example, IPsec SA specifications propose:
• ISAKMP as the key management protocol
• ESP as the IPsec protocol
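
The step 7 commands can be checked offline before they are entered on the router. The Python below is an added example, not part of the Allied Telesis note: it parses the key=value command lines shown above and reports an account whose password equals its username, an L2TP peer range that admits practically any address, and a PPP template that sets no authentication or names an undefined IP pool. The finding codes and the `wide` threshold are assumptions of this example.

```python
import ipaddress

# Constructed input: the step 7 commands as this page lists them.
SAMPLE = """\
create ip pool=roaming ip=192.168.144.1-192.168.144.50
create ppp template=1
set ppp template=1 bap=off ippool=roaming authentication=chap echo=10 lqr=off
enable l2tp
enable l2tp server=both
add l2tp ip=1.1.1.1-255.255.255.254 ppptemplate=1
add user=roaming2 pass=roaming2 lo=no telnet=no
"""

def parse(config):
    """Return [(bare words, {key: value})] for each non-empty command line."""
    out = []
    for tokens in (l.split() for l in config.splitlines() if l.strip()):
        bare = tuple(t.lower() for t in tokens if "=" not in t)
        pairs = (t.split("=", 1) for t in tokens if "=" in t)
        out.append((bare, {k.lower(): v for k, v in pairs}))
    return out

def range_size(spec):
    """Count the addresses in a 'first-last' IPv4 range."""
    first, last = (int(ipaddress.IPv4Address(a)) for a in spec.split("-"))
    return last - first + 1

def audit(config, wide=2**16):
    """Return (code, detail) findings; 'wide' is this example's own threshold."""
    cmds, pools, templates, findings = parse(config), {}, {}, []
    for bare, p in cmds:
        if bare == ("create", "ip") and "pool" in p:
            pools[p["pool"]] = range_size(p["ip"])
        elif bare in (("create", "ppp"), ("set", "ppp")) and "template" in p:
            templates.setdefault(p["template"], {}).update(p)
    for bare, p in cmds:
        if bare == ("add",) and "user" in p and p.get("pass") == p["user"]:
            findings.append(("PASSWORD_IS_USERNAME", p["user"]))
        if bare == ("add", "l2tp") and "ip" in p:
            name = p.get("ppptemplate")
            tpl = templates.get(name, {})
            if "authentication" not in tpl:
                findings.append(("PPP_AUTH_NOT_SET", name))
            if tpl.get("ippool") not in pools:
                findings.append(("UNDEFINED_POOL", tpl.get("ippool")))
            if range_size(p["ip"]) >= wide:
                # Any-peer range: PPP authentication and IPsec are the only gate.
                findings.append(("ANY_PEER_RANGE", p["ip"]))
    return findings
```

On the page's own commands this reports the any-peer L2TP range and the roaming2 account, whose sample password matches its username and should be replaced before deployment.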