F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices VPN Configuration Guide-6PW100

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module

241

242

243

244

245

246

247

248

249

250

233

Item Descri

tion

Tunnel Authentication

Enable or disable L2TP tunnel authentication in the group. If you enable tunnel

authentication, you need to set the authentication password.

The tunnel authentication request can be initiated by the LAC or LNS. Once

tunnel authentication is enabled on one end, a tunnel can be established if

tunnel authentication is also enabled on the other end and the passwords

configured on the two ends are the same and not null. If these requirements

cannot be satisfied, the tunnel initiator will tear down the tunnel connection

automatically. If tunnel authentication is disabled on both ends, the tunnel

authentication passwords configured will not take effect.

IMPORTANT:

• HP recommends enabling tunnel authentication on both ends of the tunnel

for security. You can disable tunnel authentication if you want to test the

network connectivity or let the local end receive connections initiated by

unknown peers.

• If you modify the tunnel authentication password when the tunnel is

working, you need to tear down the tunnel, so that the modified

authentication password can take effect when the tunnel is reestablished.

Authentication Password

PPP

Authentication

Configuration

Authenticati

on Method

Select the authentication method for PPP users on the local end.

You can select None, PAP, or CHAP. None means no authentication is

performed.

ISP Domain

Specify the ISP domain for PPP user authentication. You can perform the

following configurations:

You can add an ISP domain and modify or delete a selected ISP domain by

using the Add, Modify, and Delete buttons. For how to add an ISP domain, see

835H

Configuring an ISP domain."

PPP Address

PPP Server

IP/Mask

Specify the IP address and mask of the local end, or the IP address and mask

of the VT interface created.

PPP Server

Zone

Specify the security zone to which the local end belongs, or the security zone

to which the VT interface belongs.

The security zone cannot be a management security zone. Otherwise, you

cannot build an L2TP tunnel.

User

Address

Specify the address pool for assigning IP addresses to PPP users or assign an

IP address to a PPP user directly.

You can enter an IP address or select an address pool. You can add an

address pool and modify or delete a selected address pool by using the Add,

Modify, and Delete buttons. For how to add an address pool, see "

836H

Specifying

an IP address pool."

If you select Auto Assigned for User Address for PPP users that need to

authenticated, all the address pools in the relevant domain are used in

ascending order of pool number for IP address allocation.

Assign

Address

Forcibly

Specify whether to force the peer end to use the IP address assigned by the

local end. If you enable this function, the peer end is not allowed to use its

locally configured IP address.