Juniper l2tp结合radius认证.doc

Network ‘s topology Remote PC firewall Radius server Ip address 69 Trust:/24 Untrust:33/24 /24 gateway (router) (router) Ip pools - account ftp password ftp dns 00 wins 00 Firewall setting 1、Configuration--(auth--(server-(new 2、To create auth server “test-l2tp” 3\ “test-l2tp”setting enter the radius server’s ip and the shared secret key ”netscreen”, select the server ‘s type was L2TP 4\create the ip pool objects-(ip pools--(new create “test-l2tp-pools” enter the ip rang was - 5、edit the l2tp default settings define the l2tp authentication was using the radius server ”test-l2tp”. And the ip pool name was “test-l2tp-pools”. PPP authentication select PAP(netscreen support PAP in L2TP, and CHAP in the XAUTH). Define the DNS primary server ip 00,WINS server ‘s ip 00. 6、Define the L2TP tunnel selects “use default setting” 7、Add the Policy set policy from untrust to trust any “” any tunnel “l2tp-tunnel” log Radius server ‘s configuration(IAS ,windows internet authentication server) 1、The radius services used the UDP protocol.and use the ports 1645/1646 .so you can check the service using the “netstat –an” in windows’s CMD 2、configuring the Microsoft IAS server enter the name “netscreen”and the client ip address ,the client was the firewall’s interface .if the radius server was outside the firewall.the client’s ip address was the firewall’s untrust interface . enter the share secret key “netscreen”. 3、Add a Remote Access Policy selecting “edit” the account was windows user-group . user-group “sales”--(the member account “ftp” and the password “ftp” 4、 selecting the “add”,--(verdor-specific----(Double click the “verdor-specific”-(ok selecting : Add-(Framed-protocol---(double click the framed-protocol--(selecting PPP--(OK Remote PC configuring 3224 was netscreen IETF code