HPE Community > Networking > Switching and Routing > Comware Based
07-14-2017 04:15 AM - edited 07-14-2017 04:58 AM
Client to site with L2TP/IPSec and IKEV1 And IKEv2
Hi,
I managed to make a configuration for client-to-site:
- L2TP/IPsec -> Windows 10 compatible (MS-CHAP v2)
- IKEv1 with pre-shared key (tunnel)
- IKEv2 with pre-shared key
Still I do not understand the ACLs.
ISP on GE0/0 and the local NATted network on GE0/1.
#
 version 7.1.064, Release 0605P13
#
 sysname normain
#
 ip pool l2tp1 192.168.15.20 192.168.15.40
#
 dhcp enable
 dhcp server always-broadcast
#
 dns proxy enable
#
 password-recovery enable
#
vlan 1
#
object-group ip address l2tpkayttajat
#
object-group service http1
#
object-group service http2
#
object-group service https1
#
object-group service https2
#
object-group service icmp1
#
object-group service ikev1
#
object-group service l2tppavelut
#
dhcp server ip-pool GigabitEthernet0/1
 gateway-list 192.168.16.2
 network 192.168.16.0 mask 255.255.255.0
 address range 192.168.16.230 192.168.16.250
 dns-list 192.168.16.2
#
controller Cellular0/0
#
interface Aux0
#
interface Virtual-Template1
 ppp authentication-mode ms-chap-v2
 remote address pool l2tp1
 ip address 192.168.15.2 255.255.255.0
#
interface NULL0
#
interface GigabitEthernet0/0
 port link-mode route
 description Multiple_Line
 ip address dhcp-alloc
 packet-filter ipv6 name GigabitEthernet0/0 inbound
 packet-filter name GigabitEthernet0/0 inbound
 packet-filter ipv6 name GigabitEthernet0/0 outbound
 nat outbound
 ipsec apply policy NorVPN
#
interface GigabitEthernet0/1
 port link-mode route
 ip address 192.168.16.2 255.255.255.0
#
interface Tunnel9 mode ipv4-ipv4
#
security-zone name Local
#
security-zone name Trust
#
security-zone name DMZ
#
security-zone name Untrust
#
security-zone name Management
#
 scheduler logfile size 16
#
line class aux
 user-role network-admin
#
line class tty
 user-role network-operator
#
line class vty
 user-role network-operator
#
line aux 0
 speed 115200
 user-role network-admin
 screen-length 512
#
line vty 0 63
 authentication-mode scheme
 user-role network-operator
#
 ssh server enable
#
acl advanced name GigabitEthernet0/0
 rule 100 permit icmp
 rule 101 permit tcp destination-port eq 443
 rule 102 permit tcp destination-port eq 500
 rule 102 comment VPN ike
 rule 103 permit tcp destination-port eq 4500
 rule 103 comment VPN ike nat
 rule 104 permit udp destination-port eq 500
 rule 104 comment VPN ike
 rule 115 permit udp destination-port eq 4500
 rule 120 permit 50
 rule 130 permit udp destination-port eq 1701
 rule 9999 deny ip
#
acl ipv6 advanced name GigabitEthernet0/0
 rule 65534 deny ipv6
#
domain system
#
 domain default enable system
#
role name level-0
 description Predefined level-0 role
#
role name level-1
 description Predefined level-1 role
#
role name level-2
 description Predefined level-2 role
#
role name level-3
 description Predefined level-3 role
#
role name level-4
 description Predefined level-4 role
#
role name level-5
 description Predefined level-5 role
#
role name level-6
 description Predefined level-6 role
#
role name level-7
 description Predefined level-7 role
#
role name level-8
 description Predefined level-8 role
#
role name level-9
 description Predefined level-9 role
#
role name level-10
 description Predefined level-10 role
#
role name level-11
 description Predefined level-11 role
#
role name level-12
 description Predefined level-12 role
#
role name level-13
 description Predefined level-13 role
#
role name level-14
 description Predefined level-14 role
#
user-group system
#
local-user admin class manage
 password hash $h$6$tRC9AKyVikQqchKp$eLmHWP/R5RKUgzdQSECq7iR1n7Xj5OKG5urFe7uU8Jhs5YrMc+0x/9Mv3UaKskSPn0g31dodFH9rq8RNg9rphQ==
 service-type ssh telnet http https
 authorization-attribute user-role network-admin
#
local-user testia class manage
 authorization-attribute user-role network-operator
#
local-user salainen123 class network
 password cipher $c$3$973UwDm7PF9vnF4YVJ/zfpq9ld56vpzcoJDd81oK
 service-type ppp
 authorization-attribute user-role network-operator
#
local-user testi class network
 password cipher $c$3$jwA28TMl0+LJEvOprCTGTJKokp1WhZ/Q
 service-type advpn
 service-type ike
 service-type lan-access
 service-type portal
 service-type ppp
 service-type sslvpn
 authorization-attribute acl 3000
 authorization-attribute user-role network-operator
 authorization-attribute sslvpn-policy-group norsslvpn
#
local-user testi123 class network
 password cipher $c$3$9rX9i8moHKW8bQrzC8HtnNxmms39MZQtFJeB
 service-type portal
 authorization-attribute user-role network-operator
#
 ipsec logging packet enable
 ipsec logging negotiation enable
#
ipsec transform-set NorVPN
 encapsulation-mode transport
 esp encryption-algorithm aes-cbc-256
 esp authentication-algorithm sha1
 ah authentication-algorithm sha256
#
ipsec transform-set NorVPNTrans1
 esp encryption-algorithm aes-cbc-256
 esp authentication-algorithm sha256
 ah authentication-algorithm sha256
 pfs dh-group2
#
ipsec policy-template NorVPN 65535
 transform-set NorVPN NorVPNTrans1
 ike-profile NorVPN
 ikev2-profile norikev2
 sa duration time-based 3600
 sa duration traffic-based 1843200
 tfc enable
#
ipsec policy NorVPN 65535 isakmp template NorVPN
#
l2tp-group 1 mode lns
 allow l2tp virtual-template 1
 undo tunnel authentication
 tunnel name NorVPN
#
 l2tp enable
#
 ike logging negotiation enable
#
ike profile NorVPN
 keychain NorVPN
 keychain norikev2
 local-identity address 0.0.0.0
 match remote identity address 0.0.0.0 0.0.0.0
 proposal 65535 65534
#
ike proposal 65534
 encryption-algorithm aes-cbc-256
 dh group2
 authentication-algorithm sha256
 sa duration 28800
#
ike proposal 65535
 encryption-algorithm 3des-cbc
 dh group2
 sa duration 28800
#
ike keychain NorVPN
 pre-shared-key address 0.0.0.0 0.0.0.0 key cipher $c$3$Ro0d6ttejVcVKYhJGSAcCdS418csOvQkbFhqdGY1
#
 ip https enable
#
 ips signature auto-update-url https://tmc.tippingpoint.com/TMC/msrIPSDVInfo
#
ikev2 keychain norikev2
 peer norikev2
  address 0.0.0.0 0.0.0.0
  identity key-id 0.0.0.0
  pre-shared-key ciphertext $c$3$qN1rqZZU91Vz37x+d3EWMQxuwJc6NxM8kNYmbH0f
#
ikev2 profile norikev2
 authentication-method local pre-share
 authentication-method remote pre-share
 keychain norikev2
 identity local key-id 0.0.0.0
 match remote identity key-id 0.0.0.0
#
ikev2 proposal norikev2
 encryption aes-cbc-256
 integrity sha256
 dh group2
#
ikev2 policy norikev2
 priority 1
 proposal norikev2
#
return
Any advice for me?
*Addresses, users and passwords are not final.
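The poster's open question is what the inbound ACL on GigabitEthernet0/0 actually admits. As an added example that is not part of the original post and not a Comware tool, the Python below replays constructed sample flows through the rule list transcribed from the posted `acl advanced name GigabitEthernet0/0`. It shows Comware's first-match evaluation in rule-number order, what the explicit `rule 9999 deny ip` stops, and that rules 102 and 103 (TCP 500 and 4500) never see VPN traffic, because IKE and NAT-T are UDP-only. The Rule and Flow types, the sample flows and the helper names are assumptions made for this illustration.

```python
"""Added example (not from the original post): replay sample flows through the
poster's inbound ACL on GigabitEthernet0/0 to see what it really admits.

The rule list is transcribed from the posted 'acl advanced name GigabitEthernet0/0'.
Everything else (Rule/Flow types, the sample flows, the audit helpers) is
constructed here for illustration.
"""
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

# IP protocol numbers as they appear in Comware ACL syntax ('icmp', 'tcp', 'udp', '50').
ICMP, TCP, UDP, ESP = 1, 6, 17, 50


@dataclass(frozen=True)
class Rule:
    number: int
    action: str                  # "permit" or "deny"
    proto: Optional[int] = None  # None == 'ip' (any protocol)
    dport: Optional[int] = None  # None == any destination port
    comment: str = ""


@dataclass(frozen=True)
class Flow:
    name: str
    proto: int
    dport: Optional[int] = None  # ICMP and ESP carry no port


# Transcribed from the post (the posted rules constrain no source or destination address).
GE0_0_INBOUND: List[Rule] = [
    Rule(100, "permit", ICMP),
    Rule(101, "permit", TCP, 443),
    Rule(102, "permit", TCP, 500, "VPN ike"),
    Rule(103, "permit", TCP, 4500, "VPN ike nat"),
    Rule(104, "permit", UDP, 500, "VPN ike"),
    Rule(115, "permit", UDP, 4500),
    Rule(120, "permit", ESP),
    Rule(130, "permit", UDP, 1701),
    Rule(9999, "deny"),          # explicit catch-all deny
]

# Constructed sample flows: what a Windows L2TP/IPsec or IKEv2 client actually
# sends to the WAN interface, plus a few things an attacker might try.
SAMPLE_FLOWS: List[Flow] = [
    Flow("IKE (v1 or v2) negotiation", UDP, 500),
    Flow("IKE NAT-T / UDP-encapsulated ESP", UDP, 4500),
    Flow("ESP transport mode (no NAT)", ESP),
    Flow("L2TP outside IPsec", UDP, 1701),
    Flow("HTTPS management", TCP, 443),
    Flow("ICMP echo", ICMP),
    Flow("SSH to the router", TCP, 22),
    Flow("DNS to the router", UDP, 53),
]


def matches(rule: Rule, flow: Flow) -> bool:
    """A rule matches when every field it constrains equals the flow's value."""
    if rule.proto is not None and rule.proto != flow.proto:
        return False
    if rule.dport is not None and rule.dport != flow.dport:
        return False
    return True


def evaluate(acl: List[Rule], flow: Flow) -> Tuple[str, Optional[int]]:
    """First-match evaluation in ascending rule-number order (Comware's default
    'match-order config'). Returns (action, rule_number). When nothing matches,
    Comware's packet filter permits the packet unless 'packet-filter default deny'
    is configured; this ACL's explicit 'rule 9999 deny ip' makes that moot."""
    for rule in sorted(acl, key=lambda r: r.number):
        if matches(rule, flow):
            return rule.action, rule.number
    return "permit", None


def permitted_flows(acl: List[Rule], flows: List[Flow]) -> List[str]:
    """Names of the sample flows the ACL lets through."""
    return [f.name for f in flows if evaluate(acl, f)[0] == "permit"]


def rules_never_hit(acl: List[Rule], flows: List[Flow]) -> Set[int]:
    """Rules that no sample flow ever reaches: candidates for removal."""
    hit = {evaluate(acl, f)[1] for f in flows}
    return {r.number for r in acl} - hit


def tcp_rules_on_ike_ports(acl: List[Rule]) -> Set[int]:
    """IKE and NAT-T are UDP-only; a TCP permit on 500/4500 never carries VPN
    traffic, it only widens the attack surface of the WAN interface."""
    return {r.number for r in acl
            if r.action == "permit" and r.proto == TCP and r.dport in (500, 4500)}


if __name__ == "__main__":
    for flow in SAMPLE_FLOWS:
        action, number = evaluate(GE0_0_INBOUND, flow)
        print(f"{flow.name:40s} -> {action:6s} (rule {number})")
    print("rules never hit by the sample flows:",
          sorted(rules_never_hit(GE0_0_INBOUND, SAMPLE_FLOWS)))
    print("TCP permits on IKE ports:", sorted(tcp_rules_on_ike_ports(GE0_0_INBOUND)))
```

Run as a script it prints one verdict per flow. Two things the table makes visible: rules 102 and 103 are never reached by real client traffic, and rule 130 admits UDP 1701 arriving outside IPsec. A Windows L2TP/IPsec client only sends L2TP inside the ESP transport-mode SA, so whether rule 130 belongs on the WAN side depends on whether the LNS is meant to accept unprotected L2TP at all.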