Huawei Certification: L2TP VPN Configuration

Source: Huawei Certification    Published: 2012-11-14

[Quidway]dis cu
#
 sysname Quidway
#
 l2tp enable
#
 local-user admin password simple admin
 local-user admin service-type telnet
 local-user admin level 3
 local-user vpdnuser password simple user
 local-user vpdnuser service-type ppp
 local-user vpdnuser1 password simple user1
 local-user vpdnuser1 service-type ppp
 local-user vpdnuser2 password simple user2
 local-user vpdnuser2 service-type ppp
 local-user vpdnuser3 password simple user3
 local-user vpdnuser3 service-type ppp
 local-user vpdnuser4 password simple user4
 local-user vpdnuser4 service-type ppp
 local-user vpdnuser5 password simple user5
 local-user vpdnuser5 service-type ppp
 local-user vpdnuser6 password simple user6
 local-user vpdnuser6 service-type ppp
 local-user vpdnuser7 password simple user7
 local-user vpdnuser7 service-type ppp  
 local-user vpdnuser8 password simple user8
 local-user vpdnuser8 service-type ppp
 local-user vpdnuser9 password simple user9
 local-user vpdnuser9 service-type ppp
 local-user vpdnuser10 password simple user10
 local-user vpdnuser10 service-type ppp
 local-user quidway password simple guofeng
 local-user quidway service-type terminal telnet
 local-user quidway level 3
#
 ip pool 1 192.168.1.2 192.168.1.100
#
 aaa enable
#
 ip host 61.172.201.239
#
 firewall enable
#
isp domain sina.com.cn
 dns primary 202.102.192.68
 dns secondary 202.102.199.68
#
interface Virtual-Template1      
 ppp authentication-mode pap
 ip address 192.168.1.1 255.255.255.0
 remote address pool 1
#
interface Aux0
 async mode flow
 link-protocol ppp
#
interface Ethernet0/0
 ip address 218.22.38.xx 255.255.255.0
 firewall packet-filter 3001 inbound
 firewall packet-filter 3001 outbound
 nat outbound 2001
 nat server protocol tcp global 218.22.38.210 www inside 192.168.0.59 www
#
interface Ethernet0/1
 ip address 192.168.0.2 255.255.255.0
#
interface NULL0
#
acl number 2001
 rule 0 permit source 192.168.0.0 0.0.0.255
#
acl number 3001
 rule 0 deny tcp destination-port eq 135
 rule 1 deny tcp destination-port eq 139
 rule 2 deny tcp destination-port eq 4444
 rule 3 deny tcp destination-port eq 5554
 rule 4 deny udp destination-port eq tftp
 rule 6 deny tcp source-port eq 5554 destination-port eq 9995
 rule 7 deny tcp source-port eq 5554 destination-port eq 9996
 rule 9 deny tcp destination-port eq 136
 rule 10 deny tcp destination-port eq 138
 rule 13 deny udp destination-port eq 135
 rule 14 deny udp destination-port eq 136
 rule 15 deny udp destination-port eq 389
 rule 16 deny udp destination-port eq 445
 rule 17 deny tcp destination-port eq 4899
 rule 18 deny tcp destination-port eq sunrpc
 rule 19 deny tcp destination-port eq 6588
 rule 20 deny tcp destination-port eq 1978
 rule 21 deny tcp destination-port eq 593
 rule 22 deny tcp destination-port eq 3389
 rule 23 deny tcp destination-port eq 137
 rule 24 deny udp destination-port eq snmp
 rule 26 deny tcp destination-port eq 445
 rule 27 deny tcp destination-port eq 2745
 rule 28 deny tcp destination-port eq 1080
 rule 29 deny tcp destination-port eq 6129
 rule 30 deny tcp destination-port eq 3127
 rule 31 deny tcp destination-port eq 3128
 rule 32 deny udp destination-port eq netbios-dgm
 rule 33 deny udp destination-port eq netbios-ns
 rule 34 deny tcp destination-port eq 5800
 rule 35 deny tcp destination-port eq 6667
 rule 36 deny tcp destination-port eq 1025
 rule 38 deny tcp destination-port eq 1068
 rule 39 deny tcp destination-port eq 9995
 rule 40 deny udp destination-port eq netbios-ssn
 rule 41 deny tcp destination-port eq 539
 rule 42 deny udp destination-port eq 539
 rule 43 deny udp destination-port eq 1434
 rule 44 deny udp destination-port eq 593
#
l2tp-group 1
 undo tunnel authentication
 mandatory-lcp
 allow l2tp virtual-template 1    
#
 ip route-static 0.0.0.0 0.0.0.0 218.22.38.209 preference 60
#
 snmp-agent
 snmp-agent local-engineid 000007DB7F000001000075A7
 snmp-agent sys-info version v3
#
user-interface con 0
 authentication-mode local
user-interface aux 0
user-interface vty 0 4
 authentication-mode local
#
return
 
The Windows client must be configured to disable IPsec encryption:
Edit the registry: under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\Parameters
set ProhibitIPSec to 1.
 If this value does not exist, create it.
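
An added example, not part of the original page: a small Python audit that flags the credential-exposing settings in a configuration like the one above (password simple, ppp authentication-mode pap, undo tunnel authentication, telnet service types), which matter more once IPsec is disabled on the client because nothing then encrypts the L2TP tunnel. The sample lines, the finding names and the audit function are constructed for illustration.

```python
import re

# Constructed sample in the style of the configuration above (not the full file).
SAMPLE = """\
#
 local-user vpdnuser password simple user
 local-user vpdnuser service-type ppp
 local-user admin service-type telnet
#
interface Virtual-Template1
 ppp authentication-mode pap
#
l2tp-group 1
 undo tunnel authentication
"""

# (finding id, pattern, reason); the ids are names chosen for this example.
CHECKS = [
    ("cleartext-password", re.compile(r"^local-user (\S+) password simple\b"),
     "password is stored readable in the configuration"),
    ("telnet-management", re.compile(r"^local-user (\S+) service-type .*\btelnet\b"),
     "account may log in over telnet, which is unencrypted"),
    ("ppp-pap", re.compile(r"^ppp authentication-mode pap\b"),
     "PAP sends the PPP password in clear inside the tunnel"),
    ("no-tunnel-auth", re.compile(r"^undo tunnel authentication\b"),
     "the L2TP peer is not authenticated before PPP starts"),
]

def audit(config_text):
    """Return (line_no, section, finding_id, subject, reason) tuples."""
    findings, section = [], "global"
    for no, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if line == "#":
            section = "global"            # '#' closes the current view
        elif line and not raw[0].isspace():
            section = line                # unindented line opens a view
        for fid, pat, why in CHECKS:
            m = pat.match(line)
            if m:
                # Account name when the pattern captures one, else the view.
                subject = m.group(1) if m.groups() else section
                findings.append((no, section, fid, subject, why))
    return findings

if __name__ == "__main__":
    for no, section, fid, subject, why in audit(SAMPLE):
        print(f"line {no}: [{fid}] {subject}: {why}")
```

Run against a saved copy of the display current-configuration output by passing the file's text to audit().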
