R3166-R3206-HP High-End Firewalls VPN Configuration Guide-6PW101

Both control messages and PPP frames are transferred on the tunnel. L2TP uses hello packets to check a
tunnel’s connectivity. The LAC and the LNS regularly send hello packets to each other. If no response
packet is received within a given amount of time, the tunnel is torn down.
Control message and data message
L2TP supports two types of messages: control messages and data messages.
Control messages are used in establishment, maintenance, and clearing of tunnels and sessions.
Control messages are transmitted over a reliable control channel, which supports flow control and
congestion control.
Data messages encapsulate PPP frames to be tunneled. Data messages are transmitted over an
unreliable data channel that lacks flow control, congestion control, and retransmission
mechanisms.
Control messages and data messages share the same header structure. The Type field in the L2TP header
identifies whether a message is a control message or a data message. The tunnel ID and session ID fields
in the L2TP header identify the tunnel and session respectively. Packets with the same tunnel ID but
different session IDs are multiplexed to the same tunnel. The tunnel ID and session ID in a header are the
intended receiver’s, not those of the sender.
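The following parser is an added example, not part of the original guide. It reads the shared header described above and rejects malformed packets before the tunnel ID and session ID are used. The flag bit layout is taken from RFC 2661 (L2TPv2), the function name is hypothetical, and the sample packets are constructed.

```python
import struct

# Flag bits of the first 16-bit word of an L2TPv2 header (RFC 2661).
T_BIT, L_BIT, S_BIT, O_BIT, VER_MASK = 0x8000, 0x4000, 0x0800, 0x0200, 0x000F

def parse_l2tp_header(pkt: bytes) -> dict:
    """Parse and sanity-check the L2TPv2 header of one UDP payload."""
    if len(pkt) < 2:
        raise ValueError("truncated packet")
    (flags,) = struct.unpack_from("!H", pkt, 0)
    if (flags & VER_MASK) != 2:
        raise ValueError("not L2TP version 2")
    is_control = bool(flags & T_BIT)  # Type field: 1 = control, 0 = data
    # Control messages must carry Length and Ns/Nr and no Offset field.
    if is_control and (flags & (L_BIT | S_BIT | O_BIT)) != (L_BIT | S_BIT):
        raise ValueError("invalid flag bits on control message")
    # Work out the header size from the optional-field flags before reading.
    hdr_len = (2 + (2 if flags & L_BIT else 0) + 4
               + (4 if flags & S_BIT else 0) + (2 if flags & O_BIT else 0))
    if len(pkt) < hdr_len:
        raise ValueError("truncated header")
    off, out = 2, {"type": "control" if is_control else "data"}
    if flags & L_BIT:
        (length,) = struct.unpack_from("!H", pkt, off)
        off += 2
        if not hdr_len <= length <= len(pkt):
            raise ValueError("Length field inconsistent with packet size")
        pkt = pkt[:length]  # ignore trailing bytes beyond the stated length
    # These IDs are the receiver's: look them up in the local tunnel table.
    out["tunnel_id"], out["session_id"] = struct.unpack_from("!HH", pkt, off)
    off += 4
    if flags & S_BIT:
        out["ns"], out["nr"] = struct.unpack_from("!HH", pkt, off)
        off += 4
    if flags & O_BIT:
        (pad,) = struct.unpack_from("!H", pkt, off)
        off += 2 + pad
        if off > len(pkt):
            raise ValueError("offset pad runs past end of packet")
    out["payload"] = pkt[off:]
    return out

# Constructed sample packets (not captured traffic).
ZLB_ACK = struct.pack("!HHHHHH", 0xC802, 12, 7, 0, 1, 1)          # control, header only
DATA_S1 = struct.pack("!HHH", 0x0002, 7, 1) + b"\xff\x03\xc0\x21"  # data, tunnel 7, session 1
DATA_S2 = struct.pack("!HHH", 0x0002, 7, 2) + b"\xff\x03\x00\x21"  # data, tunnel 7, session 2
```

DATA_S1 and DATA_S2 carry the same tunnel ID with different session IDs, which is the multiplexing case the paragraph describes.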
L2TP tunnel modes and tunnel establishment process
Two typical L2TP tunnel modes
Typical L2TP tunnel modes include NAS-initiated and client-initiated.
NAS-initiated
In this mode, a remote system dials in to the LAC through a PPPoE/ISDN network, and the LAC initiates a
tunneling request to the LNS over the Internet, as shown in Figure 57. The LNS will assign the remote
system an IP address. Authentication and accounting of remote systems can be implemented on the LAC
by an agent or on the LNS.
Figure 57 NAS-initiated tunnel mode
Client-initiated
In this mode, a remote system running the L2TP client application initiates a tunneling request to the LNS
directly without any dedicated LAC device. The LNS will assign an L2TP client an IP address.