R3166-R3206-HP High-End Firewalls VPN Configuration Guide-6PW101

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module

111

112

113

114

115

116

117

118

119

120

111

To do… Use the command…

Remarks

Enable the tunnel flow control

function

tunnel flow-control

Optional

Disabled by default

Disconnecting tunnels by force

Either the LAC or the LNS can initiate a tunnel disconnection request. You can also disconnect a tunnel

when no users are online or a network failure occurs. Once a tunnel is disconnected, the control

connection and all the sessions within the tunnel are removed. When a user dials in, a new tunnel is

established.

Follow these steps to disconnect tunnels by force:

To do… Use the command…

Remarks

Disconnect tunnels by force

reset l2tp tunnel { id tunnel-id | name

remote-name }

Available in user view

Displaying and maintaining L2TP

To do… Use the command…

Remarks

Display information about L2TP tunnels

display l2tp tunnel

Available in any view

Display information about L2TP sessions display l2tp session Available in any view

NAS-initiated VPN configuration example

Network requirements

A VPN user accesses the corporate headquarters the following procedure:

1. The user dials in to the NAS (LAC).

2. The NAS determines whether the user is a valid VPN client. If so, it initiates a tunneling request to

the LNS.

3. After a tunnel is set up between the NAS and the LNS, the NAS transfers the results of its

negotiation with the VPN user to the LNS.

4. The LNS decides whether to accept the connection request according to the negotiated results.

5. The user communicates with the headquarters over the tunnel between the NAS and the LNS.

Figure 65 Network diagram for the NAS-initiated VPN

Configuration procedure

1. LAC side configuration

• Configure the NAS

# Configure IP addresses for the interfaces. (Omitted)