1. First, configure an IP address on each interface
interface GigabitEthernet1/0/1
undo shutdown
ip address 192.168.12.1 255.255.255.0
service-manage enable
service-manage all permit
interface GigabitEthernet1/0/2
undo shutdown
ip address 192.168.100.1 255.255.255.0
service-manage enable
service-manage all permit
2. Add the interfaces to security zones
firewall zone trust
set priority 85
add interface GigabitEthernet0/0/0
add interface GigabitEthernet1/0/2
#
firewall zone untrust
set priority 5
add interface GigabitEthernet1/0/1
3. Configure Virtual-Template1
interface Virtual-Template1
ppp authentication-mode chap
remote address 172.16.100.1
ip address 172.16.100.254 255.255.255.0
firewall zone dmz
set priority 50
add interface Virtual-Template1
l2tp enable
l2tp-group 1
allow l2tp virtual-template 1 remote lac
tunnel authentication
tunnel password cipher 123!@#
tunnel name lns
security-policy
default action permit
[FW1]user-manage user lj domain default
[FW1-localuser-lj]password admin@321
[FW1-localuser-lj]parent-group /default
aaa
domain default
service-type l2tp
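The tunnel authentication password is 123!@#
Login password: admin@321
Start the connection. If the network adapter fails to come up at step 4, restart the computer; if a wrong user name or password error appears after the restart, reconfigure the user name and password on the firewall.
If a peer login timeout appears after step 5 completes, open Task Manager on the computer and the connection will then go through.
Setting the default action back to deny closes the permit-all policy and the connection drops:
[FW1-policy-security]default action deny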
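
An added example, not part of the original walkthrough: a small Python check that reads a configuration like the one above and reports the settings that weaken it (the permit-all default security policy, all management services opened on an interface in the untrust zone, and a short L2TP tunnel secret). The embedded sample is a constructed, trimmed copy of this page's configuration; the function name, the check IDs and the 12-character minimum are assumptions of this example.

```python
import re

# Constructed sample: a trimmed copy of the configuration shown in this walkthrough.
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/1
 service-manage all permit
interface GigabitEthernet1/0/2
 service-manage all permit
firewall zone trust
 add interface GigabitEthernet1/0/2
firewall zone untrust
 add interface GigabitEthernet1/0/1
l2tp-group 1
 tunnel password cipher 123!@#
security-policy
 default action permit
"""

def audit(config):
    """Return a sorted list of (check_id, detail) findings for a USG-style config."""
    section, zone_of, mgmt_open, findings = "", {}, [], []
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "#":
            continue
        # Top-level keywords open a new section; every other line belongs to it.
        if re.match(r"(interface|firewall zone|l2tp-group|security-policy|aaa)\b", line):
            section = line
            continue
        if section.startswith("firewall zone") and line.startswith("add interface "):
            zone_of[line.split()[-1]] = section.split()[-1]
        elif section.startswith("interface") and line == "service-manage all permit":
            mgmt_open.append(section.split()[-1])
        elif section == "security-policy" and line == "default action permit":
            findings.append(("POLICY-DEFAULT-PERMIT", "inter-zone traffic allowed by default"))
        elif section.startswith("l2tp-group") and line.startswith("tunnel password"):
            secret = line.split()[-1]
            if len(secret) < 12:  # 12 is an assumed minimum, not a vendor value
                findings.append(("L2TP-SHORT-SECRET", f"tunnel secret is {len(secret)} characters"))
    # Zone membership is declared after the interface blocks, so correlate at the end.
    for ifname in mgmt_open:
        if zone_of.get(ifname) == "untrust":
            findings.append(("MGMT-ON-UNTRUST", f"{ifname} exposes all management services"))
    return sorted(findings)

if __name__ == "__main__":
    for check, detail in audit(SAMPLE_CONFIG):
        print(f"{check}: {detail}")
```

Interfaces in the trust zone are not flagged for `service-manage all permit`; only the correlation with the untrust zone is reported.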