在Windows電腦和思科路由器之間設定L2TP隧道
簡介
本檔案將說明如何在Windows機器和Cisco路由器之間設定第2層通道通訊協定(L2TP)通道。
必要條件
需求
思科建議您瞭解Windows計算機可對路由器上的物理介面IP地址執行ping。
採用元件
本文件所述內容不限於特定軟體和硬體版本。
本文中的資訊是根據特定實驗室環境內的裝置所建立。文中使用到的所有裝置皆從已清除(預設)的組態來啟動。如果您的網路正在作用,請確保您已瞭解任何指令可能造成的影響。
設定
網路圖表
本檔案會使用以下網路設定:
組態
聚合器配置:
聚合器上的配置示例如下:
interface GigabitEthernet0/0/1
ip address 192.168.1.1 255.255.255.0
negotiation auto
end interface Loopback100
ip address 172.16.1.1 255.255.255.255
end vpdn enable
vpdn-group 1
! Default L2TP VPDN group
accept-dialin
protocol l2tp
virtual-template 1
no l2tp tunnel authentication interface Virtual-Template1
ip unnumbered Loopback100
peer default ip address pool test
ppp authentication chap callout
ppp ipcp dns 4.2.2.1 4.2.2.2
end ip local pool test 10.1.1.2 10.1.1.100
Windows電腦配置和設定
請完成以下步驟:
步驟1.開啟網路與共用中心,然後按一下Set up a new connection or network,如下圖所示。
步驟2.選擇連線到工作場所,然後點選下一步
步驟3.選擇使用我的Internet連線(VPN)
步驟4.輸入聚合器的IP地址(本例中為192.168.1.1),為連線指定一個名稱(本例中將該名稱命名為VPDN),然後按一下下一步。
步驟5.輸入使用者名稱和密碼,然後按一下Connect
步驟6.驗證使用者名稱和密碼
步驟7.可能首次失敗,如下圖所示。
步驟8.按一下「Set up the connection anyway」,然後開啟Networks索引標籤。
步驟9.按一下右鍵連線(此處VPDN),然後按一下Properties。驗證聚合器的IP地址(這裡為192.168.1.1)
步驟10.導覽至Options>PPP Settings,然後驗證設定,如下圖所示。
步驟11.導覽至Security >Type of VPN >Layer 2 Tunneling Protocol with IPsec,如下圖所示。
步驟12.在Data encryption下拉選單中選擇No encryption allowed選項:
步驟13.取消選中Microsoft CHAP版本2,然後按一下OK。
步驟14.開啟網路(這裡為VPDN),然後按一下「Connect」。
步驟15.輸入使用者名稱和密碼,然後按一下Connect
驗證
步驟1.再次開啟Networks頁籤,選擇網路(在此示例中命名為VPDN)並驗證狀態為Connected。
步驟2.開啟命令提示符並運行ipconfig /all 命令。
完成PPP網際網路通訊協定控制通訊協定(IPCP)階段後,聚合器會指定IPv4位址和網域名稱伺服器(DNS)。
步驟3.在聚合器上運行debug ppp negotiation命令和其他show命令:
Aggregator#
*Apr 12 06:17:38.148: PPP: Alloc Context [38726D0C]
*Apr 12 06:17:38.148: ppp11 PPP: Phase is ESTABLISHING
*Apr 12 06:17:38.148: ppp11 PPP: Using vpn set call direction
*Apr 12 06:17:38.148: ppp11 PPP: Treating connection as a callin
*Apr 12 06:17:38.148: ppp11 PPP: Session handle[A600000B] Session id[11]
*Apr 12 06:17:38.148: ppp11 LCP: Event[OPEN] State[Initial to Starting]
*Apr 12 06:17:38.148: ppp11 PPP: No remote authentication for call-in
*Apr 12 06:17:38.148: ppp11 PPP LCP: Enter passive mode, state[Stopped]
*Apr 12 06:17:38.607: ppp11 LCP: I CONFREQ [Stopped] id 0 len 21
*Apr 12 06:17:38.607: ppp11 LCP: MRU 1400 (0x01040578)
*Apr 12 06:17:38.607: ppp11 LCP: MagicNumber 0x795C7CD1 (0x0506795C7CD1)
*Apr 12 06:17:38.607: ppp11 LCP: PFC (0x0702)
*Apr 12 06:17:38.607: ppp11 LCP: ACFC (0x0802)
*Apr 12 06:17:38.607: ppp11 LCP: Callback 6 (0x0D0306)
*Apr 12 06:17:38.608: ppp11 LCP: O CONFREQ [Stopped] id 1 len 10
*Apr 12 06:17:38.608: ppp11 LCP: MagicNumber 0xF7C3D2B9 (0x0506F7C3D2B9)
*Apr 12 06:17:38.608: ppp11 LCP: O CONFREJ [Stopped] id 0 len 7
*Apr 12 06:17:38.608: ppp11 LCP: Callback 6 (0x0D0306)
*Apr 12 06:17:38.608: ppp11 LCP: Event[Receive ConfReq-] State[Stopped to REQsent]
*Apr 12 06:17:38.615: ppp11 LCP: I CONFACK [REQsent] id 1 len 10
*Apr 12 06:17:38.615: ppp11 LCP: MagicNumber 0xF7C3D2B9 (0x0506F7C3D2B9)
*Apr 12 06:17:38.615: ppp11 LCP: Event[Receive ConfAck] State[REQsent to ACKrcvd]
*Apr 12 06:17:38.615: ppp11 LCP: I CONFREQ [ACKrcvd] id 1 len 18
*Apr 12 06:17:38.615: ppp11 LCP: MRU 1400 (0x01040578)
*Apr 12 06:17:38.615: ppp11 LCP: MagicNumber 0x795C7CD1 (0x0506795C7CD1)
*Apr 12 06:17:38.616: ppp11 LCP: PFC (0x0702)
*Apr 12 06:17:38.616: ppp11 LCP: ACFC (0x0802)
*Apr 12 06:17:38.616: ppp11 LCP: O CONFNAK [ACKrcvd] id 1 len 8
*Apr 12 06:17:38.616: ppp11 LCP: MRU 1500 (0x010405DC)
*Apr 12 06:17:38.616: ppp11 LCP: Event[Receive ConfReq-] State[ACKrcvd to ACKrcvd]
*Apr 12 06:17:38.617: ppp11 LCP: I CONFREQ [ACKrcvd] id 2 len 18
*Apr 12 06:17:38.617: ppp11 LCP: MRU 1400 (0x01040578)
*Apr 12 06:17:38.617: ppp11 LCP: MagicNumber 0x795C7CD1 (0x0506795C7CD1)
*Apr 12 06:17:38.617: ppp11 LCP: PFC (0x0702)
*Apr 12 06:17:38.617: ppp11 LCP: ACFC (0x0802)
*Apr 12 06:17:38.617: ppp11 LCP: O CONFNAK [ACKrcvd] id 2 len 8
*Apr 12 06:17:38.617: ppp11 LCP: MRU 1500 (0x010405DC)
*Apr 12 06:17:38.617: ppp11 LCP: Event[Receive ConfReq-] State[ACKrcvd to ACKrcvd]
*Apr 12 06:17:38.618: ppp11 LCP: I CONFREQ [ACKrcvd] id 3 len 18
*Apr 12 06:17:38.618: ppp11 LCP: MRU 1500 (0x010405DC)
*Apr 12 06:17:38.618: ppp11 LCP: MagicNumber 0x795C7CD1 (0x0506795C7CD1)
*Apr 12 06:17:38.618: ppp11 LCP: PFC (0x0702)
*Apr 12 06:17:38.618: ppp11 LCP: ACFC (0x0802)
*Apr 12 06:17:38.618: ppp11 LCP: O CONFACK [ACKrcvd] id 3 len 18
*Apr 12 06:17:38.618: ppp11 LCP: MRU 1500 (0x010405DC)
*Apr 12 06:17:38.618: ppp11 LCP: MagicNumber 0x795C7CD1 (0x0506795C7CD1)
*Apr 12 06:17:38.618: ppp11 LCP: PFC (0x0702)
*Apr 12 06:17:38.619: ppp11 LCP: ACFC (0x0802)
*Apr 12 06:17:38.619: ppp11 LCP: Event[Receive ConfReq+] State[ACKrcvd to Open]
*Apr 12 06:17:38.621: ppp11 LCP: I IDENTIFY [Open] id 4 len 18 magic 0x795C7CD1MSRASV5.20
*Apr 12 06:17:38.621: ppp11 LCP: I IDENTIFY [Open] id 5 len 24 magic 0x795C7CD1MSRAS-0-ADMIN-PC
*Apr 12 06:17:38.621: ppp11 LCP: I IDENTIFY [Open] id 6 len 24 magic 0x795C7CD1Z8Of(U3G.cIwR<#!
*Apr 12 06:17:38.626: ppp11 PPP: Queue IPV6CP code[1] id[7]
*Apr 12 06:17:38.626: ppp11 PPP: Queue IPCP code[1] id[8]
*Apr 12 06:17:38.640: ppp11 PPP: Phase is FORWARDING, Attempting Forward
*Apr 12 06:17:38.640: ppp11 LCP: State is Open
*Apr 12 06:17:38.657: Vi3.1 PPP: Phase is ESTABLISHING, Finish LCP
*Apr 12 06:17:38.657: Vi3.1 PPP: Phase is UP
*Apr 12 06:17:38.657: Vi3.1 IPCP: Protocol configured, start CP. state[Initial]
*Apr 12 06:17:38.657: Vi3.1 IPCP: Event[OPEN] State[Initial to Starting]
*Apr 12 06:17:38.657: Vi3.1 IPCP: O CONFREQ [Starting] id 1 len 10
*Apr 12 06:17:38.657: Vi3.1 IPCP: Address 172.16.1.1 (0x0306AC100101)
*Apr 12 06:17:38.657: Vi3.1 IPCP: Event[UP] State[Starting to REQsent]
*Apr 12 06:17:38.657: Vi3.1 PPP: Process pending ncp packets
*Apr 12 06:17:38.657: Vi3.1 IPCP: Redirect packet to Vi3.1
*Apr 12 06:17:38.657: Vi3.1 IPCP: I CONFREQ [REQsent] id 8 len 34
*Apr 12 06:17:38.657: Vi3.1 IPCP: Address 0.0.0.0 (0x030600000000)
*Apr 12 06:17:38.657: Vi3.1 IPCP: PrimaryDNS 0.0.0.0 (0x810600000000)
*Apr 12 06:17:38.657: Vi3.1 IPCP: PrimaryWINS 0.0.0.0 (0x820600000000)
*Apr 12 06:17:38.657: Vi3.1 IPCP: SecondaryDNS 0.0.0.0 (0x830600000000)
*Apr 12 06:17:38.657: Vi3.1 IPCP: SecondaryWINS 0.0.0.0 (0x840600000000)
*Apr 12 06:17:38.657: Vi3.1 IPCP AUTHOR: Done. Her address 0.0.0.0, we want 0.0.0.0
*Apr 12 06:17:38.657: Vi3.1 IPCP: Pool returned 10.1.1.9
*Apr 12 06:17:38.657: Vi3.1 IPCP: O CONFREJ [REQsent] id 8 len 16
*Apr 12 06:17:38.658: Vi3.1 IPCP: PrimaryWINS 0.0.0.0 (0x820600000000)
*Apr 12 06:17:38.658: Vi3.1 IPCP: SecondaryWINS 0.0.0.0 (0x840600000000)
*Apr 12 06:17:38.658: Vi3.1 IPCP: Event[Receive ConfReq-] State[REQsent to REQsent]
*Apr 12 06:17:38.658: Vi3.1 IPV6CP: Redirect packet to Vi3.1
*Apr 12 06:17:38.658: Vi3.1 IPV6CP: I CONFREQ [UNKNOWN] id 7 len 14
*Apr 12 06:17:38.658: Vi3.1 IPV6CP: Interface-Id F0AA:D7A4:5750:D93E (0x010AF0AAD7A45750D93E)
*Apr 12 06:17:38.658: Vi3.1 LCP: O PROTREJ [Open] id 2 len 20 protocol IPV6CP (0x0107000E010AF0AAD7A45750D93E)
*Apr 12 06:17:38.672: Vi3.1 IPCP: I CONFACK [REQsent] id 1 len 10
*Apr 12 06:17:38.672: Vi3.1 IPCP: Address 172.16.1.1 (0x0306AC100101)
*Apr 12 06:17:38.672: Vi3.1 IPCP: Event[Receive ConfAck] State[REQsent to ACKrcvd]
*Apr 12 06:17:38.672: Vi3.1 IPCP: I CONFREQ [ACKrcvd] id 9 len 22
*Apr 12 06:17:38.672: Vi3.1 IPCP: Address 0.0.0.0 (0x030600000000)
*Apr 12 06:17:38.672: Vi3.1 IPCP: PrimaryDNS 0.0.0.0 (0x810600000000)
*Apr 12 06:17:38.672: Vi3.1 IPCP: SecondaryDNS 0.0.0.0 (0x830600000000)
*Apr 12 06:17:38.672: Vi3.1 IPCP: O CONFNAK [ACKrcvd] id 9 len 22
*Apr 12 06:17:38.672: Vi3.1 IPCP: Address 10.1.1.9 (0x03060A010109)
*Apr 12 06:17:38.672: Vi3.1 IPCP: PrimaryDNS 4.2.2.1 (0x810604020201)
*Apr 12 06:17:38.672: Vi3.1 IPCP: SecondaryDNS 4.2.2.2 (0x830604020202)
*Apr 12 06:17:38.672: Vi3.1 IPCP: Event[Receive ConfReq-] State[ACKrcvd to ACKrcvd]
*Apr 12 06:17:38.747: Vi3.1 IPCP: I CONFREQ [ACKrcvd] id 10 len 22
*Apr 12 06:17:38.747: Vi3.1 IPCP: Address 10.1.1.9 (0x03060A010109)
*Apr 12 06:17:38.747: Vi3.1 IPCP: PrimaryDNS 4.2.2.1 (0x810604020201)
*Apr 12 06:17:38.747: Vi3.1 IPCP: SecondaryDNS 4.2.2.2 (0x830604020202)
*Apr 12 06:17:38.747: Vi3.1 IPCP: O CONFACK [ACKrcvd] id 10 len 22
*Apr 12 06:17:38.748: Vi3.1 IPCP: Address 10.1.1.9 (0x03060A010109)
*Apr 12 06:17:38.748: Vi3.1 IPCP: PrimaryDNS 4.2.2.1 (0x810604020201)
*Apr 12 06:17:38.748: Vi3.1 IPCP: SecondaryDNS 4.2.2.2 (0x830604020202)
*Apr 12 06:17:38.748: Vi3.1 IPCP: Event[Receive ConfReq+] State[ACKrcvd to Open]
*Apr 12 06:17:38.768: Vi3.1 IPCP: State is Open
*Apr 12 06:17:38.769: Vi3.1 Added to neighbor route AVL tree: topoid 0, address 10.1.1.9
*Apr 12 06:17:38.769: Vi3.1 IPCP: Install route to 10.1.1.9
Aggregator#show caller ip
Line User IP Address Local Number Remote Number <->
Vi3.1 - 10.1.1.9 - - in Aggregator#show ip interface brief | exclude un
Interface IP-Address OK? Method Status Protocol
GigabitEthernet0/0/1 192.168.1.1 YES manual up up
Loopback100 172.16.1.1 YES manual up up
步驟4.驗證Windows電腦是否可以到達聚合器(本例中為Loopback 100介面)之後的遠端網路
疑難排解
目前尚無適用於此組態的具體疑難排解資訊。
意見