HP VPN Firewall Appliances VPN Configuration Guide

15. The LNS assigns an internal IP address to the remote user. The user can now access the internal
resources of the enterprise network.
L2TP features
Flexible identity authentication—L2TP by itself does not encrypt or integrity-protect the data it tunnels. It relies on the authentication mechanisms of PPP (CHAP or PAP) to identify remote users. Note that PAP sends the user's password in cleartext and CHAP protects it only with a challenge-response hash, so neither mechanism is a substitute for encryption. To secure the data, L2TP is typically combined with IPsec, which protects the tunneled packets against eavesdropping and tampering. Tunnel encryption, end-to-end data encryption, and end-to-end application-layer data encryption can be used together with L2TP for higher data security as required.
Multiprotocol transmission—L2TP tunnels PPP frames, which can be used to encapsulate packets of
multiple network layer protocols.
RADIUS authentication—An LAC and LNS can send the username and password of a remote user
to a RADIUS server for authentication.
Private address allocation—An LNS can reside behind the firewall of a corporate network and dynamically allocate private addresses to remote users, facilitating corporate private address management (RFC 1918) and improving security.
Accounting flexibility—Accounting can be carried out simultaneously on the LAC and LNS, allowing bills to be generated on the ISP side and charging and auditing to be processed on the enterprise gateway. L2TP can provide accounting data such as inbound and outbound traffic statistics (in packets and bytes) and the connection's start and end times. These features enable flexible accounting.
Reliability—L2TP supports LNS backup. When the connection to the primary LNS is torn down, an
LAC can establish a new one to a secondary LNS. This redundancy enhances the reliability and
fault tolerance of VPN services.
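The following Python example illustrates the first feature above, that L2TP leaves PPP authentication exposed on the wire unless IPsec is added. It is an added example and not code from this guide or from the HP product. It builds a PAP Authenticate-Request (RFC 1334) and shows that a passive observer on the L2TP path recovers the username and password directly, then computes a CHAP MD5 response (RFC 1994, Response = MD5(Identifier || secret || Challenge)) and shows that a captured challenge/response pair can still be attacked offline with a wordlist. The usernames, passwords, challenge bytes and wordlist are constructed for the demonstration.

```python
import hashlib
import struct

# PPP authentication protocol codes (PAP: RFC 1334, CHAP: RFC 1994)
PAP_AUTH_REQUEST = 1
CHAP_CHALLENGE = 1
CHAP_RESPONSE = 2


def build_pap_request(identifier: int, peer_id: bytes, password: bytes) -> bytes:
    """Build a PAP Authenticate-Request (RFC 1334 section 2.2.1).

    Layout: Code(1) Identifier(1) Length(2) Peer-ID-Length(1) Peer-ID
            Passwd-Length(1) Password. Length covers the whole packet.
    """
    body = bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password
    length = 4 + len(body)
    return struct.pack("!BBH", PAP_AUTH_REQUEST, identifier, length) + body


def parse_pap_request(pkt: bytes):
    """Recover the credentials exactly as a sniffer on an unencrypted L2TP
    tunnel would: PAP carries the password in cleartext."""
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if code != PAP_AUTH_REQUEST or length != len(pkt):
        raise ValueError("not a well-formed PAP Authenticate-Request")
    plen = pkt[4]
    peer_id = pkt[5:5 + plen]
    pwlen = pkt[5 + plen]
    password = pkt[6 + plen:6 + plen + pwlen]
    return peer_id.decode(), password.decode()


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP MD5 response value (RFC 1994 section 2):
    MD5(Identifier || secret || Challenge). Only the 16-byte hash is sent."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def crack_chap(identifier: int, challenge: bytes, response: bytes, wordlist):
    """Offline dictionary attack on a captured CHAP exchange. CHAP hides the
    password from a sniffer, but a weak password is still recoverable, which
    is why the tunnel itself should be protected with IPsec."""
    for candidate in wordlist:
        if chap_response(identifier, candidate, challenge) == response:
            return candidate
    return None


if __name__ == "__main__":
    # Constructed sample credentials; not real accounts.
    pap_pkt = build_pap_request(7, b"alice", b"s3cret")
    print("PAP sniffed:", parse_pap_request(pap_pkt))

    challenge = bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f0")  # constructed
    resp = chap_response(3, b"Winter2024", challenge)
    wordlist = [b"password", b"letmein", b"Winter2024", b"Summer2024"]
    print("CHAP cracked:", crack_chap(3, challenge, resp, wordlist))
```

The PAP parser is deliberately strict about the Length field; a real capture on an L2TP data channel would first strip the L2TP header and the PPP protocol field (0xC023 for PAP, 0xC223 for CHAP) before reaching these bytes.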
Protocols and standards
RFC 1661, The Point-to-Point Protocol (PPP)
RFC 1918, Address Allocation for Private Internets
RFC 2661, Layer Two Tunneling Protocol "L2TP"
Configuring L2TP in the Web interface
Recommended L2TP configuration procedure
For NAS-initiated mode, you must configure both the LAC and LNS. For client-initiated mode, you only
need to configure the LNS. You can perform only the LNS configuration in the Web interface and can
perform the LAC configuration only at the CLI. For information about configuring an LAC at the CLI, see
"Configuring an LAC."