R3166-R3206-HP High-End Firewalls VPN Configuration Guide-6PW101
Basic concepts of L2TP
Background of L2TP
The Point-to-Point Protocol (PPP) defines an encapsulation mechanism that allows a point-to-point link to carry packets of various protocols. When PPP runs between a user and an NAS, the PPP session and the Layer 2 link terminate at the same physical device—the NAS.
L2TP tunnels PPP packets and extends the PPP model by enabling the Layer 2 link endpoint and the PPP session endpoint to reside on different devices (LAC and NAS respectively) that are interconnected by a packet-switched network, such as the Internet.
L2TP combines the advantages of L2F and PPTP and is now the Internet Engineering Task Force (IETF) industry standard for Layer 2 tunneling.
L2TP architecture
Figure 55 shows the relationship between the PPP frame, control channel, and data channel. PPP frames are transferred over unreliable L2TP data channels. Control messages are transferred within reliable L2TP control channels.
Figure 55 L2TP architecture
Figure 56 L2TP packet encapsulation structure
Figure 56 depicts the encapsulation structure of an L2TP data packet between the LAC and the LNS.
Usually, L2TP data is transferred as User Datagram Protocol (UDP) packets. The well-known UDP port for L2TP is 1701, but this port is used only in the tunnel creation stage. The L2TP tunnel initiator selects an idle port (not necessarily 1701) and sends a packet from it to port 1701 of the receiver. After receiving the packet, the receiver also selects an idle port (again not necessarily 1701) and returns a packet from it to the port the initiator used. From then on, the two parties use the negotiated ports to communicate until the tunnel is disconnected. Because the responder may reply from a port other than 1701, a firewall on the path cannot rely on matching only UDP port 1701; it must permit the ports the two peers actually negotiate.
Tunnel and session
Two types of connections are present between an LNS and an LAC: tunnel and session.
• A tunnel corresponds to an LNS-LAC pair and comprises a control connection and one or more sessions.
• A session corresponds to one PPP data stream between an LNS and an LAC and is multiplexed on a tunnel. A session can be set up only after the tunnel is created.
Multiple L2TP tunnels can be established between an LNS and an LAC.
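To make the encapsulation of Figure 56 and the tunnel/session multiplexing above concrete, the following added Python example (not from this guide or from HP's implementation) parses the L2TPv2 header carried in a UDP payload, separates control messages from data messages, and pulls out the tunnel and session IDs that identify the LNS-LAC pair and the PPP stream on it; the two sample messages are constructed, and the Offset handling assumes the RFC 2661 layout.

```python
import struct
from dataclasses import dataclass
from typing import Optional

# Flag bits in the first 16-bit word of the L2TPv2 header (RFC 2661, section 3.1)
T_BIT, L_BIT, S_BIT, O_BIT = 0x8000, 0x4000, 0x0800, 0x0200

@dataclass
class L2TPHeader:
    is_control: bool        # T bit set: control message (reliable control channel)
    tunnel_id: int          # identifies the LNS-LAC tunnel at the receiver
    session_id: int         # identifies one PPP session multiplexed on that tunnel
    ns: Optional[int]       # Ns/Nr are mandatory for control messages, optional for data
    nr: Optional[int]
    payload: bytes          # control message AVPs, or the encapsulated PPP frame

def parse_l2tp(packet: bytes) -> L2TPHeader:
    """Parse a UDP payload as an L2TPv2 message; rejects malformed headers."""
    if len(packet) < 6:
        raise ValueError("too short for an L2TP header")
    flags = struct.unpack_from("!H", packet, 0)[0]
    if (flags & 0x000F) != 2:
        raise ValueError("unsupported L2TP version %d" % (flags & 0x000F))
    is_control = bool(flags & T_BIT)
    pos = 2
    if flags & L_BIT:
        length = struct.unpack_from("!H", packet, pos)[0]
        pos += 2
        if length > len(packet):
            raise ValueError("Length field exceeds packet size")  # never trust the length
        packet = packet[:length]
    elif is_control:
        raise ValueError("control message without Length field")
    tunnel_id, session_id = struct.unpack_from("!HH", packet, pos)
    pos += 4
    ns = nr = None
    if flags & S_BIT:
        ns, nr = struct.unpack_from("!HH", packet, pos)
        pos += 4
    elif is_control:
        raise ValueError("control message without Ns/Nr")
    if flags & O_BIT:  # Offset Size plus padding precede the payload (data messages only)
        pos += 2 + struct.unpack_from("!H", packet, pos)[0]
    return L2TPHeader(is_control, tunnel_id, session_id, ns, nr, packet[pos:])

# Constructed samples: a control message header (T, L, S set, tunnel/session 0 as during
# tunnel setup) and a data message on tunnel 7, session 3 carrying a PPP frame with IP (0x0021)
CONTROL_MSG = struct.pack("!HHHHHH", T_BIT | L_BIT | S_BIT | 2, 12, 0, 0, 0, 0)
DATA_MSG = struct.pack("!HHH", 2, 7, 3) + bytes.fromhex("ff030021") + b"\x45" + b"\x00" * 19
```

Fields that are optional in the header (Length, Ns/Nr) are checked against the message type, which is what lets a receiver reject a control message that tries to skip the reliable-channel sequence numbers.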