HP VPN Firewall Appliances VPN Configuration Guide
L2TP tunnel and session
The following types of connections are present between an LNS and an LAC:
• Tunnel—A tunnel corresponds to an LNS-LAC pair, and comprises a control connection and one or
more sessions.
• Session—A session corresponds to one PPP data stream between an LNS and an LAC and is
multiplexed on a tunnel. A session can be set up only after the tunnel is created.
Multiple L2TP tunnels can be established between an LNS and an LAC.
Both control messages and PPP frames are transferred on the tunnel. L2TP uses hello packets to check a
tunnel's connectivity. The LAC and the LNS regularly send hello packets to each other. If no response
packet is received within a given amount of time, the tunnel is torn down.
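The multiplexing described above, as an added example that is not part of the HP guide: a Python parser for the L2TPv2 header defined in RFC 2661 that separates control messages (hello keepalives and their zero-length acknowledgements included) from PPP data frames by tunnel ID and session ID. The sample packets, tunnel ID 7 and session ID 0x21 are constructed for illustration.

```python
import struct

# Control message types from RFC 2661 (subset covering tunnel and session setup).
MSG_TYPES = {1: "SCCRQ", 2: "SCCRP", 3: "SCCCN", 4: "StopCCN", 6: "HELLO",
             10: "ICRQ", 11: "ICRP", 12: "ICCN", 14: "CDN"}
# Constructed sample packets (not captured traffic): tunnel 7, session 0x21.
HELLO = bytes.fromhex("c802 0014 0007 0000 0003 0002 8008 0000 0000 0006")
ZLB = bytes.fromhex("c802 000c 0007 0000 0003 0003")
DATA = bytes.fromhex("0002 0007 0021 ff03 c021 0901 0008 1234 5678")

def parse_l2tp(payload: bytes) -> dict:
    """Classify one L2TPv2 packet (the UDP payload, port 1701)."""
    try:
        (flags,) = struct.unpack_from("!H", payload, 0)
        if flags & 0x000F != 2:
            raise ValueError("not L2TP version 2")
        is_ctrl = bool(flags & 0x8000)   # T bit: control message
        has_len = bool(flags & 0x4000)   # L bit: Length field present
        has_seq = bool(flags & 0x0800)   # S bit: Ns/Nr present
        has_off = bool(flags & 0x0200)   # O bit: Offset Size present
        if is_ctrl and (not has_len or not has_seq or has_off):
            raise ValueError("control message with invalid flag bits")
        pos, end = 2, len(payload)
        if has_len:
            (end,) = struct.unpack_from("!H", payload, pos)
            pos += 2
            if end > len(payload):
                raise ValueError("Length field exceeds packet size")
        tunnel_id, session_id = struct.unpack_from("!HH", payload, pos)
        pos += 4
        pos += 4 if has_seq else 0       # skip Ns and Nr
        if has_off:
            (pad,) = struct.unpack_from("!H", payload, pos)
            pos += 2 + pad
        if pos > end:
            raise ValueError("header longer than packet")
        info = {"tunnel_id": tunnel_id, "session_id": session_id}
        if not is_ctrl:                  # PPP frame of one session in the tunnel
            return {**info, "kind": "data", "ppp": payload[pos:end]}
        if pos == end:                   # header only: zero-length acknowledgement
            return {**info, "kind": "control", "msg": "ZLB"}
        # The first AVP of a control message is Message Type (vendor 0, attribute 0).
        avp_hdr, vendor, attr, mtype = struct.unpack_from("!HHHH", payload[pos:end])
        if (avp_hdr & 0x03FF) != 8 or vendor != 0 or attr != 0:
            raise ValueError("first AVP is not Message Type")
        return {**info, "kind": "control", "msg": MSG_TYPES.get(mtype, f"type {mtype}")}
    except struct.error:
        raise ValueError("truncated L2TP packet") from None
```

Hello messages belong to the control connection, so they carry session ID 0; only data frames carry a nonzero session ID.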
L2TP tunneling modes and tunnel establishment process
Three typical L2TP tunneling modes
Typical L2TP tunneling modes include the following:
• NAS-initiated—In Figure 152, a remote system dials in to the LAC through a PPPoE/ISDN network,
and the LAC initiates a tunneling request to the LNS over the Internet. The LNS assigns a private IP
address to the remote system. Authentication and accounting of the remote system can be
implemented on the LAC or on the LNS.
Figure 152 NAS-initiated tunneling mode
• Client-initiated—In Figure 153, after being permitted to access the Internet, a remote system
running the L2TP client application (LAC client) directly initiates a tunneling request to the LNS
without any dedicated LAC device. The LNS assigns the LAC client a private IP address.
An LAC client needs a public network address to communicate with the LNS through the Internet.
Figure 153 Client-initiated tunneling mode
• LAC-auto-initiated—In NAS-initiated mode, a remote system must successfully dial in to the LAC
through PPPoE or ISDN to trigger the LAC to initiate a tunneling request to the LNS.
In LAC-auto-initiated mode, you can create a virtual PPP user and use the l2tp-auto-client enable
command on the LAC. Then, the LAC automatically initiates a tunneling request to the LNS to