R3721-F3210-F3171-HP High-End Firewalls VPN Configuration Guide-6PW101

Configuring L2TP at the CLI
L2TP configuration task list
When you configure L2TP, perform the following operations:
1. Determine the network device(s) needed according to the networking environment. For
NAS-initiated mode and LAC-auto-initiated mode, you need to configure both the LAC and the LNS.
For client-initiated mode, you only need to configure the LNS.
2. Configure the firewall(s) accordingly based on the intended role (LAC or NAS) on the network.
To configure the firewall as an LAC in NAS-initiated or LAC-auto-initiated mode, complete the following
tasks:
| Task | | Remarks |
|---|---|---|
| Configuring basic L2TP capability | Enable L2TP | Required. |
| | Create an L2TP group | Required. |
| | Specify the local name of the tunnel | Required. |
| Configuring an LAC | Configuring an LAC to initiate tunneling requests for specified users | Required. |
| | Configuring an LAC to transfer AVP data in hidden mode | Optional. |
| | Configuring AAA authentication for VPN users on LAC side | Required. |
| | Configuring an LAC to establish an L2TP tunnel | Required in LAC-auto-initiated mode. No need to configure in NAS-initiated mode. |
| Configuring L2TP connection parameters | Configuring L2TP tunnel authentication | Optional. |
| | Setting the hello interval | Optional. |
| | Enabling tunnel flow control | Optional. |
| | Disconnecting tunnels by force | Optional. |

To configure the firewall as an LNS in NAS-initiated, client-initiated, or LAC-auto-initiated mode,
complete the following tasks:
| Task | | Remarks |
|---|---|---|
| Configuring basic L2TP capability | Enable L2TP | Required |
| | Create an L2TP group | Required |
| | Specify the local name of the tunnel | Required |
| Configuring an LNS | Creating a virtual template interface | Required |
| | Configuring the local address and the address pool for allocation | Required |
| | Configuring an LNS to grant certain L2TP tunneling requests | Required |