Category: Networking and Security

2009-07-13 20:06:12

 
L2TP#sh run
vpdn enable                         
!
vpdn-group 1
! Default L2TP VPDN group
 accept-dialin
  protocol l2tp
  virtual-template 2
 l2tp security crypto-profile l2tp111              ----configure IPsec protection for the L2TP tunnel
 no l2tp tunnel authentication                     ----disable L2TP tunnel authentication
!
async-bootp gateway 10.10.1.200
async-bootp dns-server 10.10.1.210
!
username cisco123 password 0 cisco123              ----username and password the remote client uses when dialing in
!
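crypto isakmp policy 1                             ----phase 1 is called ISAKMP; 1 is the priority (defines the priority of the phase 1 policy)
 encr 3des                                         ----select the encryption algorithm
 authentication pre-share                          ----authenticate with a pre-shared key
 group 2                                           ----select the Diffie-Hellman group
 hash sha                                          ----hash algorithm
crypto isakmp key 0 yaoshi address 0.0.0.0 0.0.0.0 ----configure the pre-shared key (yaoshi) and the peer (0.0.0.0 0.0.0.0).
                                                        This pre-shared key (yaoshi) is insecure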
!
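crypto ipsec transform-set zhuanhuanji esp-des esp-sha-hmac ----configure the transform set, named zhuanhuanji;
                                                                it specifies ESP with DES encryption and SHA authentication
 mode transport                                             ----the mode is transport,
                                                                because it is the L2TP packets that are protected and the L2TP tunnel terminates on the LNS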
!
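crypto map map111 10 ipsec-isakmp profile l2tp111  ----define the crypto map, named map111; it specifies that ISAKMP is used to establish the IPsec security associations
                                                       the profile keyword marks this crypto map as a template, so that separate crypto maps can be created as needed
 set transform-set zhuanhuanji                     ----use the transform set named zhuanhuanji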
!
interface FastEthernet0/1
 ip address 192.168.0.89 255.255.255.0
 duplex auto
 speed auto
 crypto map map111                                 ----apply the defined policy to the interface
                                                       (map111 is the name and must match the one above, otherwise applying it has no effect)
!
interface Virtual-Template2
 ip unnumbered FastEthernet0/1
 peer default ip address pool 123pool
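 ppp authentication ms-chap                        ----make sure MS-CHAP is used to authenticate PPP sessions from remote access clients
                                     (when I ran this lab just now I used CHAP for authentication and the client kept reporting an error (error: 732); after correcting it, the connection succeeded)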
 ppp multilink
!
ip local pool 123pool 10.10.1.1 10.10.1.100
L2TP#
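
As an added example (not part of the original post), this Python sketch lints the running-config above for settings that weaken the tunnel, including the wildcard pre-shared key the author marks as insecure. The rule names and the choice of which keywords to flag are assumptions of this example; `ms-chap-v2` is the IOS keyword for MS-CHAP version 2 and is not flagged.

```python
import re

# Security-relevant lines from the running-config above; one "----" annotation
# is left on to show that annotations are stripped before matching.
SAMPLE_CONFIG = """\
vpdn-group 1
 no l2tp tunnel authentication                     ----disable L2TP tunnel authentication
username cisco123 password 0 cisco123
crypto isakmp policy 1
 encr 3des
crypto isakmp key 0 yaoshi address 0.0.0.0 0.0.0.0
crypto ipsec transform-set zhuanhuanji esp-des esp-sha-hmac
 mode transport
interface Virtual-Template2
 ppp authentication ms-chap
"""

# (rule id, pattern). Rule ids are hypothetical names chosen for this example.
RULES = [
    # L2TP control channel accepts any LAC without a tunnel secret.
    ("no-tunnel-auth", re.compile(r"^no l2tp tunnel authentication$")),
    # Encryption type 0 means the secret is stored unencrypted in the config.
    ("cleartext-secret", re.compile(r"\b(password|key) 0 \S+")),
    # One IKE pre-shared key valid for every peer address.
    ("wildcard-psk", re.compile(r"^crypto isakmp key .+ address 0\.0\.0\.0\b")),
    # Single DES (56-bit) protecting the data; esp-3des is not matched.
    ("single-des", re.compile(r"^crypto ipsec transform-set \S+ .*\besp-des\b")),
    # PAP or MS-CHAP version 1; ms-chap-v2 is excluded by the lookahead.
    ("weak-ppp-auth", re.compile(r"^ppp authentication\b.*\b(pap|ms-chap)(?![\w-])")),
]


def audit_config(text):
    """Return (line number, rule id, config line) for every rule that matches."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("----", 1)[0].strip()  # drop annotation and indent
        for rule_id, pattern in RULES:
            if pattern.search(line):
                findings.append((lineno, rule_id, line))
    return findings


if __name__ == "__main__":
    for lineno, rule_id, line in audit_config(SAMPLE_CONFIG):
        print(f"line {lineno}: {rule_id}: {line}")
```
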
Client configuration
1. Virtual interface created with the wizard

The password is the shared key specified on the router
L2TP#debug ppp negotiation  ----LCP negotiation with the remote access client
PPP protocol negotiation debugging is on
L2TP#
*Mar  1 00:31:05.923: ppp5 PPP: Send Message[Dynamic Bind Response]
*Mar  1 00:31:05.923: ppp5 PPP: Using vpn set call direction
*Mar  1 00:31:05.927: ppp5 PPP: Treating connection as a callin
*Mar  1 00:31:05.927: ppp5 PPP: Session handle[78000007] Session id[5]
*Mar  1 00:31:05.927: ppp5 PPP: Phase is ESTABLISHING, Passive Open
*Mar  1 00:31:05.927: ppp5 LCP: State is Listen
*Mar  1 00:31:07.911: ppp5 LCP: Timeout: State Listen
*Mar  1 00:31:07.915: ppp5 LCP: O CONFREQ [Listen] id 1 len 28
*Mar  1 00:31:07.915: ppp5 LCP:    AuthProto MS-CHAP (0x0305C22380)
*Mar  1 00:31:07.919: ppp5 LCP:    MagicNumber 0x002C7905 (0x0506002C7905)
*Mar  1 00:31:07.919: ppp5 LCP:    MRRU 1524 (0x110405F4)
*Mar  1 00:31:07.919: ppp5 LCP:    EndpointDisc 1 Router (0x130901526F75746572)
*Mar  1 00:31:07.927: ppp5 LCP: I CONFREQ [REQsent] id 1 len 21
*Mar  1 00:31:07.927: ppp5 LCP:    MRU 1400 (0x01040578)
*Mar  1 00:31:07.927: ppp5 LCP:    MagicNumber 0x37F139EB (0x050637F139EB)
*Mar  1 00:31:07.927: ppp5 LCP:    PFC (0x0702)
*Mar  1 00:31:07.927: ppp5 LCP:    ACFC (0x0802)
*Mar  1 00:31:07.927: ppp5 LCP:    Callback 6  (0x0D0306)
*Mar  1 00:31:07.927: ppp5 LCP: O CONFREJ [REQsent] id 1 len 7
*Mar  1 00:31:07.927: ppp5 LCP:    Callback 6  (0x0D0306)
*Mar  1 00:31:07.935: ppp5 LCP: I CONFREJ [REQsent] id 1 len 17
*Mar  1 00:31:07.935: ppp5 LCP:    MRRU 1524 (0x110405F4)
*Mar  1 00:31:07.935: ppp5 LCP:    EndpointDisc 1 Router (0x130901526F75746572)
*Mar  1 00:31:07.935: ppp5 LCP: O CONFREQ [REQsent] id 2 len 15
*Mar  1 00:31:07.935: ppp5 LCP:    AuthProto MS-CHAP (0x0305C22380)
*Mar  1 00:31:07.935: ppp5 LCP:    MagicNumber 0x002C7905 (0x0506002C7905)
*Mar  1 00:31:07.943: ppp5 LCP: I CONFREQ [REQsent] id 2 len 18
*Mar  1 00:31:07.943: ppp5 LCP:    MRU 1400 (0x01040578)
*Mar  1 00:31:07.943: ppp5 LCP:    MagicNumber 0x37F139EB (0x050637F139EB)
*Mar  1 00:31:07.943: ppp5 LCP:    PFC (0x0702)
*Mar  1 00:31:07.943: ppp5 LCP:    ACFC (0x0802)
*Mar  1 00:31:07.943: ppp5 LCP: O CONFNAK [REQsent] id 2 len 8
*Mar  1 00:31:07.943: ppp5 LCP:    MRU 1500 (0x010405DC)
*Mar  1 00:31:07.951: ppp5 LCP: I CONFACK [REQsent] id 2 len 15
*Mar  1 00:31:07.951: ppp5 LCP:    AuthProto MS-CHAP (0x0305C22380)
*Mar  1 00:31:07.951: ppp5 LCP:    MagicNumber 0x002C7905 (0x0506002C7905)
*Mar  1 00:31:08.419: ppp5 LCP: I CONFREQ [ACKrcvd] id 3 len 18
*Mar  1 00:31:08.423: ppp5 LCP:    MRU 1400 (0x01040578)
*Mar  1 00:31:08.427: ppp5 LCP:    MagicNumber 0x37F139EB (0x050637F139EB)
*Mar  1 00:31:08.427: ppp5 LCP:    PFC (0x0702)
*Mar  1 00:31:08.427: ppp5 LCP:    ACFC (0x0802)
*Mar  1 00:31:08.427: ppp5 LCP: O CONFNAK [ACKrcvd] id 3 len 8
*Mar  1 00:31:08.427: ppp5 LCP:    MRU 1500 (0x010405DC)
*Mar  1 00:31:09.927: ppp5 LCP: Timeout: State ACKrcvd
*Mar  1 00:31:09.931: ppp5 LCP: O CONFREQ [ACKrcvd] id 3 len 15
*Mar  1 00:31:09.935: ppp5 LCP:    AuthProto MS-CHAP (0x0305C22380)
*Mar  1 00:31:09.935: ppp5 LCP:    MagicNumber 0x002C7905 (0x0506002C7905)
*Mar  1 00:31:09.955: ppp5 LCP: I CONFREQ [REQsent] id 4 len 18
*Mar  1 00:31:09.955: ppp5 LCP:    MRU 1500 (0x010405DC)
*Mar  1 00:31:09.955: ppp5 LCP:    MagicNumber 0x37F139EB (0x050637F139EB)
*Mar  1 00:31:09.955: ppp5 LCP:    PFC (0x0702)
*Mar  1 00:31:09.955: ppp5 LCP:    ACFC (0x0802)
*Mar  1 00:31:09.955: ppp5 LCP: O CONFACK [REQsent] id 4 len 18
*Mar  1 00:31:09.955: ppp5 LCP:    MRU 1500 (0x010405DC)
*Mar  1 00:31:09.955: ppp5 LCP:    MagicNumber 0x37F139EB (0x050637F139EB)
*Mar  1 00:31:09.955: ppp5 LCP:    PFC (0x0702)
*Mar  1 00:31:09.955: ppp5 LCP:    ACFC (0x0802)
*Mar  1 00:31:09.971: ppp5 LCP: I CONFACK [ACKsent] id 3 len 15
*Mar  1 00:31:09.971: ppp5 LCP:    AuthProto MS-CHAP (0x0305C22380)
*Mar  1 00:31:09.971: ppp5 LCP:    MagicNumber 0x002C7905 (0x0506002C7905)
*Mar  1 00:31:09.971: ppp5 LCP: State is Open
*Mar  1 00:31:09.971: ppp5 PPP: Phase is AUTHENTICATING, by this end
*Mar  1 00:31:09.975: ppp5 MS-CHAP: O CHALLENGE id 1 len 21 from "Router  "
*Mar  1 00:31:09.983: ppp5 LCP: I IDENTIFY [Open] id 5 len 18 magic 0x37F139EB MSRASV5.10
*Mar  1 00:31:09.983: ppp5 LCP: I IDENTIFY [Open] id 6 len 21 magic 0x37F139EB MSRAS-0-ALLEN
*Mar  1 00:31:10.155: ppp5 MS-CHAP: I RESPONSE id 1 len 62 from "cisco123"
*Mar  1 00:31:10.159: ppp5 PPP: Phase is FORWARDING, Attempting Forward
*Mar  1 00:31:10.167: ppp5 PPP: Phase is AUTHENTICATING, Unauthenticated User
*Mar  1 00:31:10.195: ppp5 PPP: Phase is FORWARDING, Attempting Forward
*Mar  1 00:31:10.195: ppp5 PPP: Send Message[Connect Local]
*Mar  1 00:31:10.227: ppp5 PPP: Bind to [Virtual-Access2.2]
*Mar  1 00:31:10.231: Vi2.2 PPP: Send Message[Static Bind Response]
*Mar  1 00:31:10.255: Vi2.2 PPP: Phase is AUTHENTICATING, Authenticated User
*Mar  1 00:31:10.275: Vi2.2 MS-CHAP: O SUCCESS id 1 len 4
*Mar  1 00:31:10.283: Vi2.2 PPP: Phase is UP
*Mar  1 00:31:10.287: Vi2.2 IPCP: O CONFREQ [Closed] id 1 len 10
*Mar  1 00:31:10.287: Vi2.2 IPCP:    Address 192.168.0.89 (0x0306C0A80059)
*Mar  1 00:31:10.291: Vi2.2 PPP: Process pending ncp packets
*Mar  1 00:31:11.295: Vi2.2 CCP: I CONFREQ [Not negotiated] id 7 len 10
*Mar  1 00:31:11.295: Vi2.2 CCP:    MS-PPC supported bits 0x01000001 (0x120601000001)
*Mar  1 00:31:11.295: Vi2.2 LCP: O PROTREJ [Open] id 4 len 16 protocol CCP (0x80FD0107000A120601000001)
*Mar  1 00:31:11.295: Vi2.2 IPCP: I CONFREQ [REQsent] id 8 len 34
*Mar  1 00:31:11.295: Vi2.2 IPCP:    Address 0.0.0.0 (0x030600000000)
*Mar  1 00:31:11.295: Vi2.2 IPCP:    PrimaryDNS 0.0.0.0 (0x810600000000)
*Mar  1 00:31:11.295: Vi2.2 IPCP:    PrimaryWINS 0.0.0.0 (0x820600000000)
*Mar  1 00:31:11.295: Vi2.2 IPCP:    SecondaryDNS 0.0.0.0 (0x830600000000)
*Mar  1 00:31:11.295: Vi2.2 IPCP:    SecondaryWINS 0.0.0.0 (0x840600000000)
*Mar  1 00:31:11.295: Vi2.2 AAA/AUTHOR/IPCP: Start.  Her address 0.0.0.0, we want 0.0.0.0
*Mar  1 00:31:11.299: Vi2.2 AAA/AUTHOR/IPCP: Done.  Her address 0.0.0.0, we want 0.0.0.0
*Mar  1 00:31:11.299: Vi2.2 IPCP: Pool returned 10.10.1.2
*Mar  1 00:31:11.303: Vi2.2 IPCP: O CONFREJ [REQsent] id 8 len 22
*Mar  1 00:31:11.303: Vi2.2 IPCP:    PrimaryWINS 0.0.0.0 (0x820600000000)
*Mar  1 00:31:11.303: Vi2.2 IPCP:    SecondaryDNS 0.0.0.0 (0x830600000000)
*Mar  1 00:31:11.303: Vi2.2 IPCP:    SecondaryWINS 0.0.0.0 (0x840600000000)
*Mar  1 00:31:11.303: Vi2.2 IPCP: I CONFACK [REQsent] id 1 len 10
*Mar  1 00:31:11.307: Vi2.2 IPCP:    Address 192.168.0.89 (0x0306C0A80059)
*Mar  1 00:31:12.095: Vi2.2 IPCP: I CONFREQ [ACKrcvd] id 9 len 16
*Mar  1 00:31:12.099: Vi2.2 IPCP:    Address 0.0.0.0 (0x030600000000)
*Mar  1 00:31:12.103: Vi2.2 IPCP:    PrimaryDNS 0.0.0.0 (0x810600000000)
*Mar  1 00:31:12.103: Vi2.2 IPCP: O CONFNAK [ACKrcvd] id 9 len 16
*Mar  1 00:31:12.107: Vi2.2 IPCP:    Address 10.10.1.2 (0x03060A0A0102)
*Mar  1 00:31:12.111: Vi2.2 IPCP:    PrimaryDNS 10.10.1.210 (0x81060A0A01D2)
*Mar  1 00:31:12.263: Vi2.2 IPCP: Timeout: State ACKrcvd
*Mar  1 00:31:12.267: Vi2.2 IPCP: O CONFREQ [ACKrcvd] id 2 len 10
*Mar  1 00:31:12.271: Vi2.2 IPCP:    Address 192.168.0.89 (0x0306C0A80059)
*Mar  1 00:31:12.283: Vi2.2 IPCP: I CONFREQ [REQsent] id 10 len 16
*Mar  1 00:31:12.283: Vi2.2 IPCP:    Address 10.10.1.2 (0x03060A0A0102)
*Mar  1 00:31:12.283: Vi2.2 IPCP:    PrimaryDNS 10.10.1.210 (0x81060A0A01D2)
*Mar  1 00:31:12.283: Vi2.2 IPCP: O CONFACK [REQsent] id 10 len 16
*Mar  1 00:31:12.283: Vi2.2 IPCP:    Address 10.10.1.2 (0x03060A0A0102)
*Mar  1 00:31:12.283: Vi2.2 IPCP:    PrimaryDNS 10.10.1.210 (0x81060A0A01D2)
*Mar  1 00:31:12.291: Vi2.2 IPCP: I CONFACK [ACKsent] id 2 len 10
*Mar  1 00:31:12.291: Vi2.2 IPCP:    Address 192.168.0.89 (0x0306C0A80059)
*Mar  1 00:31:12.291: Vi2.2 IPCP: State is Open
*Mar  1 00:31:12.299: Vi2.2 IPCP: Install route to 10.10.1.2
*Mar  1 00:31:12.307: Vi2.2 IPCP: Add link info for cef entry 10.10.1.2
L2TP#
L2TP#
L2TP#    ----disconnect
*Mar  1 00:31:38.415: Vi2.2 LCP: I TERMREQ [Open] id 11 len 16 (0x37F139EB003CCD7400000000)
*Mar  1 00:31:38.419: Vi2.2 LCP: O TERMACK [Open] id 11 len 4
*Mar  1 00:31:38.423: Vi2.2 PPP: Sending Acct Event[Down] id[19]
*Mar  1 00:31:38.427: Vi2.2 PPP: Phase is TERMINATING
*Mar  1 00:31:39.055: Vi2.2 PPP: Block vaccess from being freed [0x19]
*Mar  1 00:31:39.943: Vi2.2 PPP: Missed link down notification
*Mar  1 00:31:39.947: Vi2.2 LCP: State is Closed
*Mar  1 00:31:39.947: Vi2.2 PPP: Phase is DOWN
*Mar  1 00:31:39.951: Vi2.2 IPCP: State is Closed
*Mar  1 00:31:39.955: Vi2.2 IPCP: Remove link info for cef entry 10.10.1.2
*Mar  1 00:31:39.955: Vi2.2 PPP: Unlocked by [0x1] Still Locked by [0x18]
*Mar  1 00:31:39.963: Vi2.2 PPP: Unlocked by [0x10] Still Locked by [0x8]
*Mar  1 00:31:39.963: Vi2.2 PPP: Send Message[Disconnect]
*Mar  1 00:31:39.967: Vi2.2 PPP: Unlocked by [0x8] Still Locked by [0x0]
*Mar  1 00:31:39.967: Vi2.2 PPP: Free previously blocked vaccess
*Mar  1 00:31:39.979: Vi2.2 IPCP: Remove route to 10.10.1.2
L2TP#
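
As an added example (not part of the original post), this Python sketch decodes the LCP Authentication-Protocol option bytes printed in the debug output above, such as `0x0305C22380`, and reports which method the client finally acknowledged. The function names and the set of methods flagged are assumptions of this example; the option layout (type 3, length, protocol `0xC223` for CHAP, algorithm byte `0x80` for MS-CHAP version 1 and `0x81` for version 2) is the standard PPP encoding.

```python
import re

# Lines taken from the debug output above ("O" = sent by router, "I" = received).
SAMPLE_LOG = """\
*Mar  1 00:31:07.935: ppp5 LCP: O CONFREQ [REQsent] id 2 len 15
*Mar  1 00:31:07.935: ppp5 LCP:    AuthProto MS-CHAP (0x0305C22380)
*Mar  1 00:31:07.935: ppp5 LCP:    MagicNumber 0x002C7905 (0x0506002C7905)
*Mar  1 00:31:07.951: ppp5 LCP: I CONFACK [REQsent] id 2 len 15
*Mar  1 00:31:07.951: ppp5 LCP:    AuthProto MS-CHAP (0x0305C22380)
*Mar  1 00:31:07.951: ppp5 LCP:    MagicNumber 0x002C7905 (0x0506002C7905)
"""

HEADER = re.compile(r" LCP: ([IO]) ([A-Z]+) ")            # packet header line
OPTION = re.compile(r" LCP:\s{2,}\S.*\(0x([0-9A-Fa-f]+)\)\s*$")  # indented option
CHAP_ALGS = {0x05: "CHAP-MD5", 0x80: "MS-CHAPv1", 0x81: "MS-CHAPv2"}
FLAGGED = {"PAP": "password crosses the PPP link in cleartext",
           "MS-CHAPv1": "deprecated, superseded by MS-CHAPv2"}


def decode_auth_option(hexstr):
    """Decode one LCP option; return the auth method name, or None if not type 3."""
    raw = bytes.fromhex(hexstr)
    if len(raw) < 2 or raw[1] != len(raw):
        raise ValueError("option length byte does not match the data")
    if raw[0] != 3:                       # 3 = Authentication-Protocol
        return None
    if len(raw) < 4:
        raise ValueError("Authentication-Protocol option too short")
    proto = int.from_bytes(raw[2:4], "big")
    if proto == 0xC023:
        return "PAP"
    if proto == 0xC223 and len(raw) == 5:
        return CHAP_ALGS.get(raw[4], f"CHAP-alg-0x{raw[4]:02X}")
    if proto == 0xC227:
        return "EAP"
    return f"unknown-0x{proto:04X}"


def accepted_auth(log):
    """Return the method in the last CONFACK received from the peer, or None."""
    current, accepted = None, None
    for line in log.splitlines():
        header = HEADER.search(line)
        if header:
            current = header.groups()
            continue
        option = OPTION.search(line)
        if option and current == ("I", "CONFACK"):
            accepted = decode_auth_option(option.group(1)) or accepted
    return accepted


def audit(log):
    """Return (method, reason it is flagged or None)."""
    method = accepted_auth(log)
    return method, FLAGGED.get(method)
```
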