R3166-R3206-HP High-End Firewalls VPN Configuration Guide-6PW101
Configuring an LAC to transfer AVP data in hidden mode
With L2TP, some parameters are transferred as attribute value pair (AVP) data. For higher security, you
can configure an LAC to transfer AVP data in hidden mode, that is, to encrypt AVP data before transmission.
Follow these steps to configure an LAC to transfer AVP data in hidden mode:
To do…                                      Use the command…                        Remarks
Enter system view                           system-view                             —
Enter L2TP group view                       l2tp-group group-number                 —
Specify that AVP data be transferred in     tunnel avp-hidden                       Optional. By default, AVP data is transferred in plain text.
hidden mode
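The hiding mechanism itself, as an added example that is not part of the original guide or the vendor's code: a Python implementation of the AVP hiding algorithm from RFC 2661 (section 4.3), on the assumption that the firewall follows the RFC. The function names, shared secret, Random Vector and attribute value are constructed for illustration.

```python
import hashlib
import struct

PROXY_AUTHEN_NAME = 30  # AVP attribute type from RFC 2661, used as the sample


def _first_key(attr_type: int, secret: bytes, random_vector: bytes) -> bytes:
    # b(1) = MD5(attribute type + shared secret + Random Vector)
    return hashlib.md5(struct.pack("!H", attr_type) + secret + random_vector).digest()


def hide_avp_value(attr_type, value, secret, random_vector, padding=b""):
    """Return the hidden form of an AVP value (RFC 2661, section 4.3)."""
    # Hidden subformat: 2-octet original length, the value, optional padding.
    plain = struct.pack("!H", len(value)) + value + padding
    key, hidden = _first_key(attr_type, secret, random_vector), b""
    for i in range(0, len(plain), 16):
        block = bytes(p ^ k for p, k in zip(plain[i:i + 16], key))
        hidden += block
        key = hashlib.md5(secret + block).digest()  # b(i+1) = MD5(S + c(i))
    return hidden


def unhide_avp_value(attr_type, hidden, secret, random_vector):
    """Recover the original value; raise ValueError on an impossible length."""
    key, plain = _first_key(attr_type, secret, random_vector), b""
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        plain += bytes(c ^ k for c, k in zip(block, key))
        key = hashlib.md5(secret + block).digest()
    if len(plain) < 2:
        raise ValueError("hidden AVP value too short")
    (length,) = struct.unpack("!H", plain[:2])
    # The only sanity check available: hiding gives confidentiality, not
    # integrity, so a wrong secret usually shows up as a bad length field.
    if length > len(plain) - 2:
        raise ValueError("length field exceeds data (wrong secret or corrupt AVP)")
    return plain[2:2 + length]


if __name__ == "__main__":
    secret = b"constructed-tunnel-secret"   # constructed sample values
    rv = bytes(range(16))                    # value of the Random Vector AVP
    hidden = hide_avp_value(PROXY_AUTHEN_NAME, b"vpnuser@example.test", secret, rv)
    print(hidden.hex())
    print(unhide_avp_value(PROXY_AUTHEN_NAME, hidden, secret, rv))
```

In RFC 2661 the keystream is derived from the tunnel's shared secret, so both tunnel endpoints need the same secret for the receiver to recover hidden values.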
Configuring AAA authentication of VPN users on LAC side
You can configure an LAC to perform AAA authentication of VPN users and to initiate tunneling requests
only for qualified users. No tunnel will be established for unqualified users.
The firewall supports both local AAA authentication and remote AAA authentication:
• With local AAA authentication, you need to create a local user and configure a password for each
remote user on the LAC. The LAC will authenticate a remote user by matching the provided
username and password against those configured locally.
• With remote AAA authentication, you need to configure the username and password of each user
on the RADIUS/HWTACACS server. The LAC will send the username and password of a remote
user to the server for identity authentication.
Follow these steps to configure local authentication, authorization, and accounting:
To do…                                      Use the command…                        Remarks
Enter system view                           system-view                             —
Create a local user and enter its view      local-user username                     Required. By default, no local user or password is configured on an LAC.
Configure a password for the local user     password { simple | cipher } password
Authorize the user to use the PPP service   service-type ppp                        Required
Return to system view                       quit                                    —
Create an ISP domain and enter its view     domain isp-name                         Required
Configure the domain to use local           authentication ppp local                Optional. Local authentication/authorization/accounting is used by default.
authentication/authorization/accounting     authorization ppp local
for its PPP users                           accounting ppp local