
Case Study: Configuring VPDN On Huawei Router

Author: Shivlu Jain

Introduction

This document describes how to configure VPDN on a Huawei router with local authentication.

Requirements

Enterprise customers often require that their branch offices connect to the head office (HO) with
the help of VPDN. The reason for giving VPDN access is client mobility: anytime, anywhere, a
branch office can dial a publicly available IP address, and the client PC can then access
the HO.

Understand the current topology

As shown in figure 1, the customer HO is reachable via the internet. For external access by its office
users, a public IP address is configured on loopback 100. Any branch office PC can dial the IP address
with the username and password provided, and after successful authentication the user can
access the devices. In the current topology the HO is using a Huawei router and VPDN services are
enabled on it. The remote user is using Windows XP, and by default Windows XP uses the PPTP protocol,
but in this scenario the customer requirement is to use the L2TP protocol. For this we need to make
some changes on the Windows XP machine, which are given later in the document.

Advantages Of Using VPDN

- Saving capex in terms of router and all LAN infrastructure

- Mobility of access

Requirements

The Huawei router needs to be configured with the VPDN configuration, and the Windows XP registry
needs to be modified with one value.

Problems Faced During Implementation

a) L2TP debugs were not being generated on the router.

b) On the PC we were getting error number 792. It means the PC is dialing but not getting a response
from the server, which is the Huawei router in this case. But on the router no L2TP logs were
generated. On the PC we had added a value in the registry and it was saved successfully. But after
that we needed to reboot the PC, and thereafter logs were coming on the router.

c) Now logs were coming on the router, but we were getting one new error on the PC, i.e. username
and password is invalid for domain. The error was resolved by adding a simple command, and
thereafter the PC authenticated successfully.

Configuration On Huawei Router

a) Enable L2TP on router.

l2tp enable

b) Define IP Pool For VPDN Users. IP addresses will be allocated from this pool.

ip pool 1 192.168.100.10 192.168.100.254

c) Create Local User Name as shivlu & Password as huawei With Service Type PPP

local-user shivlu
 password simple huawei
 service-type ppp

Note:- If the service-type ppp command is missing, you will be greeted with the error
“Username and Password Is Invalid For Domain” on Windows XP.

d) Create Interface Template

interface Virtual-Template1
 ip address 192.168.100.9 255.255.255.0
 remote address pool 1

Note:- This calls Pool 1, which is configured in step b.

e) Bind Virtual Template With L2TP Group

l2tp-group 1
 allow l2tp virtual-template 1

Note:- This calls Virtual Template 1, which is configured in step d.

Configuration On Windows XP/Vista

On Windows we need to create a value in the registry. Under the path given below, create a DWORD
with value 1:

Hkey_Local_Machine\System\CurrentControlSet\Services\RasMan\Parameters

After that, create a VPN connection and make the changes given below:

Figure 2

Right-click on Properties of PPTP and then select the Security tab with the Advanced option.

Figures 3, 4 and 5

Precautions

a) After adding the value in the registry, you must reboot the PC.

b) There is no need to add the “ip pool” command under domain-system. Use the “ip pool” command
only in global. If you receive the message “No Ip Address Assigned” on the Windows machine, then
you have definitely configured the “ip pool” command under domain system. Do not do this.

c) There is no need to use the “ppp authentication-mode pap” command under the virtual template.
The virtual template is used only for IP allocation. Even if you use it, it won't prompt any error.

Flow Of Call

a) The user dials the IP address.

b) The request comes to the Huawei router, which checks the local username and password.

c) After successful authentication the L2TP tunnel is established.

d) An IP address from the pool is allocated by the virtual template.

Verification

From the PC you can ping the Virtual Template 1 IP address. On the Huawei router you can run the
following command:

display l2tp session
