远程用户-------internet-------F100    采用l2tp方式

 

sysname XXXX                 //设备名称
#
 l2tp enable                                 //开启l2tp功能    
#
 firewall packet-filter enable
 firewall packet-filter default permit
#
 undo connection-limit enable
 connection-limit default deny
 connection-limit default amount upper-limit 50 lower-limit 20
#
 firewall statistic system enable
#
radius scheme system
 server-type extended
#
domain system
 ip pool 1 192.1.2.2 192.1.2.10
#
local-user admin
 password cipher .]@USE=B,53Q=^Q`MAF4<1!!
 service-type telnet terminal
 level 3
 

local-user xxx                                        //配置拨号用户
 password simple 123456
  service-type ppp
interface Virtual-Template1        //配置虚拟接口模板1及其验证方式  
 ppp authentication-mode pap
 ip address 192.168.2.1 255.255.255.0
 remote address pool 1
#
interface Ethernet1/0
 ip address 172.16.2.2 255.255.255.252
#
interface Ethernet2/0
 speed 10
 duplex half
 ip address 60.6.3.136 255.255.255.0
#
interface NULL0
 #
firewall zone local
 set priority 100
#
firewall zone trust                //把虚拟接口模板添加进入安全域
 add interface Ethernet1/0
 add interface Virtual-Template1
 set priority 85
#
firewall zone untrust
 add interface Ethernet2/0
 set priority 5
#
firewall zone DMZ
 set priority 50
#
firewall interzone local trust
#
firewall interzone local untrust
#
firewall interzone local DMZ
#
firewall interzone trust untrust
#
 firewall interzone trust DMZ
#
firewall interzone DMZ untrust
#
l2tp-group 1                                    //配置l2tp组1          
 undo tunnel authentication        //取消隧道验证
 allow l2tp virtual-template 1  //配置使用名字的方式发起l2tp连接
#
 FTP server enable
#
 telnet source-interface Ethernet1/0
#
 undo dhcp enable
#
 ip route-static 0.0.0.0 0.0.0.0 60.6.3.1 preference 60          //配置静态默认路由
 ip route-static 192.1.100.0 255.255.255.0 172.16.2.1 preference 60  //配置到内网静态路由
 ip route-static 192.2.100.0 255.255.255.0 172.16.2.1 preference 60   //配置到内网静态路由
#
user-interface con 0
user-interface vty 0 4
 authentication-mode scheme
#
return