R3166-R3206-HP High-End Firewalls VPN Configuration Guide-6PW101

Configuring basic L2TP capability
An L2TP group represents a set of parameters and corresponds to one VPN user or one group of VPN
users. This allows flexible L2TP configuration on devices and facilitates one-to-one and one-to-many
networking between LACs and LNSs. An L2TP group has only local significance. However, the relevant
settings of the corresponding L2TP groups on the LAC and the LNS must match. For example, the local
tunnel name configured on the LAC must match the remote tunnel name configured on the LNS.
L2TP must be enabled for L2TP configuration to take effect. Tunnel names are used during tunnel
negotiation between an LAC and an LNS.
Follow these steps to configure basic L2TP capability:
To do…                                    Use the command…          Remarks
Enter system view                         system-view
Enable L2TP                               l2tp enable               Required. Disabled by default.
Create an L2TP group and enter its view   l2tp-group group-number   Required. By default, no L2TP group exists.
Specify the local name of the tunnel      tunnel name name          Optional. The system name of the firewall is used by default.
Configuring an LAC
An LAC establishes tunnels with the corresponding LNSs for users and sends user packets to the
LNSs through the tunnels. Before configuring an LAC, you must enable L2TP and create an L2TP group.
Configuring an LAC to initiate tunneling requests for specified users
An LAC initiates tunneling requests only to specified LNSs for specified users. You can specify the users
to be serviced and the LNSs to connect to.
You specify the users to be serviced by fully qualified user name or by domain name.
Follow these steps to configure the LAC:
To do…                               Use the command…                                   Remarks
Enter system view                    system-view
Enter L2TP group view                l2tp-group group-number
Enable the firewall to initiate      start l2tp { ip ip-address }&<1-5>                 Required
tunneling requests to one or more    { domain domain-name | fullusername user-name }
IP addresses for one or more
specified VPN users
NOTE:
Up to five LNSs can be configured. The LAC initiates an L2TP tunneling request to its specified LNSs one by
one in their configuration order until it receives an acknowledgement from an LNS, which becomes the
tunnel peer.
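The following Python audit is an added example, not part of the HP guide: it checks an LAC configuration against the rules stated above (L2TP enabled, one to five LNS addresses per `start l2tp`, local tunnel name matching the LNS remote name) and returns the LNS addresses in the order the LAC will try them. The sample configuration, the `audit_lac` function and the `lns_remote_names` input are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample LAC configuration; names and addresses are illustrative.
SAMPLE = """\
l2tp enable
l2tp-group 1
 tunnel name LAC-A
 start l2tp ip 192.0.2.10 ip 192.0.2.11 domain example.com
l2tp-group 2
 start l2tp ip 198.51.100.1 ip 198.51.100.300 fullusername alice@example.com
"""

START_RE = re.compile(r"start l2tp((?: ip \S+)+) (domain|fullusername) (\S+)")

def audit_lac(config, system_name, lns_remote_names):
    """Return (groups, findings) for an LAC configuration.
    lns_remote_names (hypothetical input) maps a group number to the remote
    tunnel name configured on the peer LNS."""
    groups, findings, cur, enabled = {}, [], None, False
    for raw in config.splitlines():
        line = raw.strip()
        if line == "l2tp enable":
            enabled = True
        elif m := re.fullmatch(r"l2tp-group (\d+)", line):
            cur = groups.setdefault(int(m[1]), {"name": system_name, "lns": [], "users": None})
        elif cur is None:
            continue
        elif line.startswith("tunnel name "):
            cur["name"] = line[len("tunnel name "):]   # overrides the system-name default
        elif m := START_RE.fullmatch(line):
            cur["lns"] = m[1].split()[1::2]            # kept in configuration (try) order
            cur["users"] = (m[2], m[3])
        elif line.startswith("start l2tp"):
            findings.append(f"malformed start l2tp: {line}")
    if not enabled:
        findings.append("L2TP is not enabled; group settings have no effect")
    for num, g in sorted(groups.items()):
        if not 1 <= len(g["lns"]) <= 5:
            findings.append(f"group {num}: needs 1 to 5 LNS addresses, has {len(g['lns'])}")
        for ip in g["lns"]:
            try:
                ipaddress.ip_address(ip)
            except ValueError:
                findings.append(f"group {num}: invalid LNS address {ip}")
        want = lns_remote_names.get(num)
        if want is not None and want != g["name"]:
            findings.append(f"group {num}: local tunnel name {g['name']!r} != LNS remote name {want!r}")
    return groups, findings
```

Group 2 in the sample omits `tunnel name`, so the audit compares the firewall's system name against the LNS side, which is the mismatch most easily overlooked.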