F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices VPN Configuration Guide-6PW100

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module

251

252

253

254

255

256

257

258

259

260

244

Task Remarks

868H

Enabling L2TP for VPNs Optional.

869H

Configuring L2TP connection

parameters

870H

Configuring L2TP tunnel

authentication

Optional.

871H

Setting the hello interval

872H

Enabling tunnel flow control

873H

Disconnecting tunnels by force

232BConfiguring basic L2TP capability

An L2TP group is intended to represent a group of parameters and corresponds to one VPN user or one

group of VPN users. This enables not only flexible L2TP configuration on devices, but also one-to-one and

one-to-many networking applications for LACs and LNSs. An L2TP group only has local significance.

However, you must make sure that the relevant settings of the L2TP groups on the LAC and LNS match. For

example, the local tunnel name configured on the LAC must match the remote tunnel name configured on

the LNS.

L2TP must be enabled for L2TP configuration to take effect. Tunnel names are used during tunnel

negotiation between an LAC and an LNS.

To configure basic L2TP capability:

Ste

Command

Remarks

1. Enter system view.

system-view N/A

2. Enable L2TP.

l2tp enable

Disabled by default.

3. Create an L2TP group and

enter its view.

l2tp-group group-number By default, no L2TP group exists.

4. Specify the local name of the

tunnel.

tunnel name name

Optional.

The system name of the device is

used by default.

233BConfiguring an LAC

An LAC is responsible for establishing tunnels with LNSs for users and sends user packets to LNSs through

the tunnels. Before configuring an LAC, enable L2TP and create an L2TP group.

479BConfiguring an LAC to initiate tunneling requests for specified users

An LAC initiates tunneling requests only to specified LNSs for specified users. You can specify the users

to be serviced and the LNSs that will be connected. Users can be specified by their fully qualified name

or the domain name.

Up to five LNSs can be configured. The LAC initiates an L2TP tunneling request to its specified LNSs

consecutively in their configuration order until it receives an acknowledgement from an LNS, which then

becomes the tunnel peer.

To configure the LAC: