R3721-F3210-F3171-HP High-End Firewalls VPN Configuration Guide-6PW101

multi-instance function can solve this problem. With this function, an LNS can differentiate multiple VPN
domains and service users of different enterprises simultaneously.
In an L2TP multi-instance application, specify the domain to which VPN users belong by using the
domain keyword in the allow l2tp virtual-template command. After an L2TP tunnel is established, the
LNS obtains the domain name from the session negotiation packet and searches for the same domain
among those locally configured for VPN users. If an L2TP group's tunnel peer name and domain name
match, the LNS establishes a session according to the group configuration. Thus, different sessions can
be established for VPN users of different domains.
To enable the L2TP multi-instance function:
Step                                         Command              Remarks
1. Enter system view.                        system-view          N/A
2. Enable the L2TP multi-instance function.  l2tpmoreexam enable  Disabled by default.
NOTE:
If multiple L2TP groups on the LNS are configured with the same remote tunnel name, make sure that their
tunnel authentication settings are the same. Mismatching tunnel authentication passwords will result in
tunnel establishment failure.
Specifying to send ACCM
According to RFC 2661, the Asynchronous Control Character Map (ACCM) AVP enables an LNS to
inform the LAC of the ACCM that the LNS has negotiated with the PPP peer.
Not every LAC supports ACCM. Therefore, an LNS needs to know whether it should send ACCM.
By default, an LNS sends ACCM. If the LAC does not support ACCM, configure the LNS not to send
ACCM.
To configure an LNS to send ACCM:
Step                      Command               Remarks
1. Enter system view.     system-view           N/A
2. Specify to send ACCM.  l2tp sendaccm enable  By default, an LNS sends ACCM.
Configuring L2TP connection parameters
These L2TP connection parameter configuration tasks apply to both LACs and LNSs and are optional.
Configuring L2TP tunnel authentication
You can enable tunnel authentication to allow the LAC and LNS to authenticate each other. Either the
LAC or the LNS can initiate a tunnel authentication request. To implement tunnel authentication, enable
tunnel authentication on both the LAC and LNS, and configure the same non-null password on them.
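The following Python example is added here and is not taken from the guide or from the device software. It models the CHAP-style tunnel authentication exchange defined in RFC 2661, where each response is the MD5 hash of the message-type octet, the shared password and the peer's challenge, to show why both ends must hold the same non-null password. The function names and passwords are constructed for illustration.

```python
import hashlib
import hmac
import os

# RFC 2661 control message types. The type of the message that carries the
# Challenge Response AVP is used as the CHAP ID octet in the hash.
SCCRP, SCCCN = 2, 3


def challenge_response(msg_type: int, secret: bytes, challenge: bytes) -> bytes:
    """Return MD5(CHAP ID octet || shared secret || challenge), 16 octets."""
    return hashlib.md5(bytes([msg_type]) + secret + challenge).digest()


def verify(msg_type: int, secret: bytes, challenge: bytes, response: bytes) -> bool:
    """Check a peer's Challenge Response AVP using a constant-time compare."""
    if not secret:  # the guide requires a non-null password on both ends
        return False
    expected = challenge_response(msg_type, secret, challenge)
    return hmac.compare_digest(expected, response)


def tunnel_setup(lac_secret: bytes, lns_secret: bytes) -> str:
    """Simulate mutual tunnel authentication and return the outcome."""
    # SCCRQ (LAC -> LNS) carries the LAC's Challenge AVP.
    lac_challenge = os.urandom(16)
    # SCCRP (LNS -> LAC) answers that challenge and carries the LNS's own.
    lns_response = challenge_response(SCCRP, lns_secret, lac_challenge)
    lns_challenge = os.urandom(16)
    if not verify(SCCRP, lac_secret, lac_challenge, lns_response):
        return "LAC rejects LNS"
    # SCCCN (LAC -> LNS) answers the LNS's challenge.
    lac_response = challenge_response(SCCCN, lac_secret, lns_challenge)
    if not verify(SCCCN, lns_secret, lns_challenge, lac_response):
        return "LNS rejects LAC"
    return "tunnel established"


if __name__ == "__main__":
    # Constructed passwords: first pair matches, second pair does not.
    print(tunnel_setup(b"Example-Pass-1", b"Example-Pass-1"))
    print(tunnel_setup(b"Example-Pass-1", b"Example-Pass-2"))
```

Because the password itself never crosses the wire, a mismatch shows up only as a failed response check, which is the tunnel establishment failure the guide warns about.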
To configure L2TP tunnel authentication:
Step                       Command                  Remarks
1. Enter system view.      system-view              N/A
2. Enter L2TP group view.  l2tp-group group-number  N/A