3Com Switch 8800 Family IPsec Module Configuration and Command reference Guide

LAC Configuration
By default, L2TP is disabled.
Creating L2TP Group

An L2TP group must be created before the related L2TP parameters can be
configured. It allows you not only to configure L2TP functions as needed but also
to implement one-to-one and one-to-many networking applications between LAC
and LNS. L2TP groups are numbered separately on LAC and LNS, so the LAC and LNS
only need to be consistent in the configuration of the L2TP groups involved
(e.g. remote name of Tunnel, start L2TP and LNS address, etc.).
These configurations are compulsory on the LAC side.
Perform the following configuration in system view.
After an L2TP group is created, other configurations related to the L2TP group can
be performed in L2TP group view, for example, the name of the peer end, the
condition triggering the L2TP Tunnel setup request and the LNS address.
By default, no L2TP group is created.

Setting Condition Triggering L2TP Tunnel Setup Request and LNS Address

A security gateway will not send an L2TP Tunnel setup request to another device
unless certain conditions are met. By configuring a decision rule based on
user information and specifying the IP address of the LNS, you allow the security
gateway to determine whether a user is a VPN user and to initiate a connection
with the LNS. Up to five LNS addresses can be configured, meaning LNS backup is
allowed. In normal operation, the local security gateway (LAC) sends Tunnel setup
requests to the peer end (LNS) in the order in which the LNS addresses are
configured until an LNS accepts the request. This LNS becomes the peer end of the
L2TP Tunnel. An L2TP Tunnel setup request can be triggered by full user name and
domain name.
Perform the following configuration in L2TP group view.
The parameters above have no default values and can be configured as needed,
but at least one triggering condition must be configured for initiating an
L2TP Tunnel setup request.
When the L2TP LAC starts an L2TP Tunnel connection, the system checks whether
the L2TP group specified according to the complete user name exists. If the system

Table 85 Create/delete L2TP group

Operation            Command
Create L2TP group    l2tp-group group-number
Delete L2TP group    undo l2tp-group group-number

Table 86 Set condition triggering L2TP Tunnel setup request and LNS address

Operation                             Command
Configure to check if the user is     start l2tp { ip ip-addr [ ip ip-addr ] [ ip ip-addr ] ... }
VPN user and set IP address of LNS    { domain domain-name | fullusername user-name }
Cancel the Tunnel setup request       undo start
configuration
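
The trigger check and the in-order LNS backup described above can be modelled offline to audit a configuration line before it is applied. The Python below is an added example, not 3Com code: it parses the start l2tp syntax of Table 86 and walks the LNS list in configured order. The function names, the accepts callback and the rule that the domain is the text after the last '@' are assumptions made for illustration.

```python
import ipaddress

MAX_LNS = 5  # the guide allows up to five LNS addresses per L2TP group


def parse_start_l2tp(line):
    """Parse 'start l2tp ip A [ip B ...] {domain D | fullusername U}'."""
    tok = line.split()
    if tok[:2] != ["start", "l2tp"]:
        raise ValueError("not a 'start l2tp' command")
    tok, lns = tok[2:], []
    while len(tok) >= 2 and tok[0] == "ip":
        lns.append(str(ipaddress.IPv4Address(tok[1])))  # rejects malformed addresses
        tok = tok[2:]
    if not 1 <= len(lns) <= MAX_LNS:
        raise ValueError(f"need 1..{MAX_LNS} LNS addresses, got {len(lns)}")
    if len(tok) != 2 or tok[0] not in ("domain", "fullusername"):
        raise ValueError("one trigger (domain or fullusername) is required")
    return {"lns": lns, "trigger": tok[0], "value": tok[1]}


def is_vpn_user(group, username):
    """Apply the trigger rule to a user name.

    Assumption: the domain is the text after the last '@', compared exactly.
    """
    if group["trigger"] == "fullusername":
        return username == group["value"]
    return "@" in username and username.rsplit("@", 1)[1] == group["value"]


def select_lns(group, username, accepts):
    """Return the first configured LNS that accepts the request, else None.

    `accepts` is a hypothetical callable standing in for the real tunnel
    setup exchange; it returns True when that LNS accepts.
    """
    if not is_vpn_user(group, username):
        return None  # not a VPN user: no tunnel setup request is sent
    return next((addr for addr in group["lns"] if accepts(addr)), None)


# Constructed sample line using documentation addresses (RFC 5737).
GROUP = parse_start_l2tp("start l2tp ip 192.0.2.10 ip 192.0.2.11 domain example.com")

if __name__ == "__main__":
    reachable = {"192.0.2.11"}  # constructed: the first LNS does not answer
    print(select_lns(GROUP, "alice@example.com", reachable.__contains__))
```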