Friday, January 23, 2009

Configuring VPDN On Huawei Router

The main reason for posting this document on the blog is that we did not find any document about Huawei on the internet that could help us deploy VPDN. So enjoy reading.

Introduction
This document describes how to configure VPDN on a Huawei router with local authentication.

Requirements
Enterprise customers often require that their branch offices connect to the head office (HO) through VPDN. The reason for giving VPDN access is mobility of the client: at any time and from anywhere, a branch office can dial an IP address, which must be publicly reachable, and the client PC can then access the HO.

Understand the current topology
As shown in figure 1, the customer HO is reachable via the internet. For external access by its office users, a public IP address is configured on loopback 100. Any branch office PC can dial this IP address with the username and password provided, and after successful authentication the user can access the devices. In the current topology the HO uses a Huawei router with VPDN services enabled on it. The remote user is on Windows XP, which uses the PPTP protocol by default, but in this scenario the customer requires the L2TP protocol. For this we need to make a change on the Windows XP machine, which is given later in the document.

Advantages Of Using VPDN
Saving capex in terms of the router and all LAN infrastructure
Mobility of access

Requirements
The Huawei router needs the VPDN configuration, and the Windows XP registry needs to be modified with one value.

Problems Faced During Implementation
a) L2TP debugs were not being generated on the router.
b) On the PC we were getting error number 792. It means the PC is dialing but not getting a response from the server, which is the Huawei router in this case. But no L2TP logs were generated on the router. On the PC we had added a value in the registry and it was saved successfully. But after that we needed to reboot the PC, and thereafter logs were coming on the router.
c) Now logs were coming on the router, but we were getting a new error on the PC, i.e. the username and password is invalid for the domain. The error was resolved by adding a simple command, and thereafter the PC authenticated successfully.

Configuration On Huawei Router
a) Enable L2TP on router.
l2tp enable
b) Define an IP pool for VPDN users. IP addresses will be allocated from this pool.
ip pool 1 192.168.100.10 192.168.100.254
c) Create Local User Name shivlu With Password huawei And Service Type PPP
local-user shivlu
 password simple huawei
 service-type ppp
Note:- If the service-type ppp command is missing, you will be greeted with the error “Username and Password Is Invalid For Domain” on Windows XP.
d) Create Interface Template
interface Virtual-Template1
 ip address 192.168.100.9 255.255.255.0
 remote address pool 1
Note:- This calls pool 1, which is configured in step b.
e) Bind Virtual Template With L2TP Group
l2tp-group 1
 allow l2tp virtual-template 1
Note:- This calls Virtual Template 1, which is configured in step d.
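
The dependencies between steps a) to e), and the service-type note, can be checked over a saved configuration before a user ever sees an error on the PC. The following is an added example, not part of the original post and not Huawei tooling; the function names, the finding strings and the indented layout of the sample are assumptions. It also flags password simple, because that form keeps the password readable in the configuration.

```python
import re

# Constructed sample: the configuration from steps a) to e) with "service-type ppp"
# left out. Assumption: sub-commands are indented under the command that opens their view.
SAMPLE = """\
l2tp enable
ip pool 1 192.168.100.10 192.168.100.254
local-user shivlu
 password simple huawei
interface Virtual-Template1
 ip address 192.168.100.9 255.255.255.0
 remote address pool 1
l2tp-group 1
 allow l2tp virtual-template 1
"""

def parse_sections(text):
    """Group indented sub-commands under the unindented command above them."""
    sections = []
    for line in text.splitlines():
        if not line.strip():
            continue
        if line[0].isspace() and sections:
            sections[-1][1].append(line.strip())
        else:
            sections.append((line.strip(), []))
    return sections

def audit(text):
    """Return findings for the VPDN configuration steps a) to e)."""
    sections = parse_sections(text)
    heads = [h for h, _ in sections]
    pools = {m.group(1) for h in heads if (m := re.match(r"ip pool (\d+)\s", h))}
    templates = {m.group(1) for h in heads
                 if (m := re.match(r"interface Virtual-Template(\d+)$", h))}
    findings = []
    if "l2tp enable" not in heads:
        findings.append("l2tp enable is missing")
    for head, body in sections:
        if head.startswith("local-user "):
            user = head.split()[1]
            if "service-type ppp" not in body:  # cause of the "invalid for domain" error
                findings.append(f"local-user {user}: service-type ppp missing")
            if any(b.startswith("password simple") for b in body):
                findings.append(f"local-user {user}: password stored in clear text")
        for b in body:
            if (m := re.match(r"remote address pool (\d+)$", b)) and m.group(1) not in pools:
                findings.append(f"{head}: ip pool {m.group(1)} is not defined")
            if (m := re.match(r"allow l2tp virtual-template (\d+)", b)) and m.group(1) not in templates:
                findings.append(f"{head}: Virtual-Template{m.group(1)} is not defined")
    return findings
```

Calling audit(SAMPLE) reports the missing service-type ppp and the clear-text password for user shivlu.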

Configuration On Windows XP/Vista
On Windows we need to create a value in the registry. Under the path given below, create a DWORD with value 1.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RasMan\Parameters


regards
shivlu jain
