做了以下配置L2TP连接不上,配置上有十么问题嘛?
ipsec transform-set 2
encapsulation-mode transport
esp encryption-algorithm 3des-cbc
esp authentication-algorithm md5
#
ipsec transform-set 3
encapsulation-mode transport
esp encryption-algorithm aes-cbc-12
esp authentication-algorithm sha1
#
ipsec transform-set 4
encapsulation-mode transport
esp encryption-algorithm aes-cbc-256
esp authentication-algorithm sha1
#
ipsec transform-set 5
encapsulation-mode transport
esp encryption-algorithm des-cbc
esp authentication-algorithm sha1
#
ipsec transform-set 6
encapsulation-mode transport
esp encryption-algorithm 3des-cbc
esp authentication-algorithm sha1
#
ipsec transform-set 7
encapsulation-mode transport
esp encryption-algorithm aes-cbc-192
esp authentication-algorithm sha1
#
ipsec policy-template 1 1
transform-set 2 3 4 5 6 7
ike-profile 1
#
ipsec policy 1 1 isakmp template 1
#
ike profile 1
keychain 2
local-identity address 60.191.13.94
match remote identity address 0.0.0.0 0.0.0.0
proposal 1 2 3 4 5 6
#
ike proposal 1 encryption-algorithm aes-cbc-128
dh group2
authentication-algorithm md5
#
ike proposal 2
encryption-algorithm 3des-cbc
dh group2
authentication-algorithm md5
#
ike proposal 3
encryption-algorithm 3des-cbc
dh group2
#
ike proposal 4
encryption-algorithm aes-cbc-256
dh group2
#
ike proposal 5
dh group2
#
ike proposal 6
encryption-algorithm aes-cbc-192
dh group2
#
ike keychain 2
pre-shared-key address 0.0.0.0 0.0.0.0 key cipher $c$3$ISbDYgWbwswe8omEVXmNtswBor2qEw==
#
l2tp enable
#
# l2tp-group 1 mode lns
allow l2tp virtual-template 1
undo tunnel authentication
#
interface Virtual-Template1
ppp authentication-mode chap domain system
ppp ipcp dns 114.114.114.114 202.101.172.35
remote address pool l2tp1
ip address 192.168.56.1 255.255.255.0
domain system
authentication ppp local
#
ip pool l2tp1 192.168.56.100 192.168.56.200
#
interface GigabitEthernet0/0
port link-mode route description Multiple_Line
bandwidth 50000
ip address 60.191.13.94 255.255.255.252
ipsec apply policy 1
#
(0)
您好,请知:
从反馈的配置来看,以下几个地方可能需要调整,请参考:
ike profile 1
keychain 2
local-identity address 60.191.13.94
match remote identity address 0.0.0.0 0.0.0.0 //0.0.0.0 0.0.0.0修改为指定对端具体的IP
proposal 1 2 3 4 5 6
ike keychain 2
pre-shared-key address 0.0.0.0 0.0.0.0 key cipher $c$3$ISbDYgWbwswe8omEVXmNtswBor2qEw== // 0.0.0.0 0.0.0.0 修改为指定对端的具体IP
L2TP组这里添加个隧道名称看下:
[FW1]l2tp-group 1 mode lns
[FW1-l2tp1]undo tunnel authentication
[FW1-l2tp1]tunnel name LNS
[FW1-l2tp1]allow l2tp virtual-template 1
另外检查下路由。
(0)
 
	 
亲~登录后才可以操作哦!
确定你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作
举报
×
侵犯我的权益
×
侵犯了我企业的权益
×
抄袭了我的内容
×
原文链接或出处
诽谤我
×
对根叔社区有害的内容
×
不规范转载
×
举报说明
我试试