R3721-F3210-F3171-HP High-End Firewalls VPN Configuration Guide-6PW101
Step                                              Command                                        Remarks
3. Enable L2TP tunnel authentication.             tunnel authentication                          Optional. Enabled by default.
4. Configure the tunnel authentication password.  tunnel password { simple | cipher } password   The password is null by default.
NOTE:
• To ensure tunnel security, enable tunnel authentication.
• To change the tunnel authentication password, do so after tearing down the tunnel. Otherwise, your
change does not take effect.
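The following audit check is an added example, not part of the HP guide: it scans saved configuration text and flags L2TP groups where tunnel authentication is disabled, where authentication is on but the password is still the null default, or where the password was set with the simple keyword (the plaintext form in Comware). It assumes each group is saved as an "l2tp-group N" line followed by indented lines and that disabled authentication is saved as "undo tunnel authentication"; the function name and the sample configuration are constructed for illustration.

```python
import re

# Constructed sample of saved configuration text (not from a real device).
# Assumption: disabled authentication is saved as "undo tunnel authentication".
SAMPLE_CONFIG = """\
l2tp-group 1
 tunnel password cipher $c$3$EXAMPLEONLY
 tunnel timer hello 60
l2tp-group 2
 undo tunnel authentication
l2tp-group 3
 tunnel password simple lab123
l2tp-group 4
 tunnel timer hello 30
"""

def audit_l2tp_groups(config_text):
    """Return {group_number: [findings]} for every l2tp-group block."""
    groups, current = {}, None
    for line in config_text.splitlines():
        m = re.match(r"^l2tp-group\s+(\d+)\s*$", line)
        if m:
            current = groups.setdefault(int(m.group(1)), {"auth": True, "pw": None})
            continue
        if not line.startswith(" "):
            current = None                  # left the L2TP group view
            continue
        if current is None:
            continue
        words = line.split()
        if words[:3] == ["undo", "tunnel", "authentication"]:
            current["auth"] = False
        elif words[:2] == ["tunnel", "password"] and len(words) >= 4:
            current["pw"] = words[2]        # "simple" or "cipher"
    report = {}
    for num, g in groups.items():
        findings = []
        if not g["auth"]:
            findings.append("tunnel authentication disabled")
        elif g["pw"] is None:
            findings.append("authentication enabled but password is null")
        if g["pw"] == "simple":
            findings.append("password configured with 'simple'")
        report[num] = findings
    return report

if __name__ == "__main__":
    for num, findings in audit_l2tp_groups(SAMPLE_CONFIG).items():
        print(f"l2tp-group {num}: {', '.join(findings) or 'ok'}")
```
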
Setting the hello interval
To check the connectivity of a tunnel, the LAC and LNS regularly send each other hello packets. On
receipt of a hello packet, the LAC or LNS returns a response packet. If the LAC or LNS receives no hello
response packet from the peer within a specific period of time, it retransmits the hello packet. If it receives
no response packet from the peer after transmitting the hello packet three times, it considers the L2TP
tunnel to be down and tries to re-establish a tunnel with the peer.
To set the hello interval:
Step                         Command                            Remarks
1. Enter system view.        system-view                        N/A
2. Enter L2TP group view.    l2tp-group group-number            N/A
3. Set the hello interval.   tunnel timer hello hello-interval  Optional. 60 seconds by default.
Enabling tunnel flow control
The L2TP tunnel flow control function controls data packet transmission by buffering and adjusting data
packets that arrive out of order.
To enable tunnel flow control:
Step                                          Command                  Remarks
1. Enter system view.                         system-view              N/A
2. Enter L2TP group view.                     l2tp-group group-number  N/A
3. Enable the tunnel flow control function.   tunnel flow-control      Optional. Disabled by default.
Disconnecting tunnels by force
Either the LAC or the LNS can initiate a tunnel disconnection request. You can also disconnect a tunnel
when no users are online or a network failure occurs. Once a tunnel is disconnected, the control
connection and all the sessions within the tunnel are removed. When a user dials in, a new tunnel is
established.
To disconnect tunnels by force: