HP VPN Firewall Appliances VPN Configuration Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module

231

232

233

234

235

236

237

238

239

240

227

Item Descri

tion

PPP

Authentication

Configuration

Authentication

Method

Select the authentication method for PPP users on the local end.

You can select None, PAP, or CHAP. None means no authentication is

performed.

ISP Domain

Specify the ISP domain for PPP user authentication. You can perform the

following configurations:

You can add an ISP domain and modify or delete a selected ISP domain by

using the Add, Modify, and Delete buttons. For information about how to

add an ISP domain, see "Configuring an ISP domain."

PPP Address

PPP Server

IP/Mask

Specify the IP address and mask of the local end, or the IP address and

mask of the VT interface created.

PPP Server

Zone

Specify the security zone to which the local end belongs, or the security

zone to which the VT interface belongs.

The security zone cannot be a management security zone. Otherwise, you

cannot build an L2TP tunnel.

User Address

Specify the address pool for assigning IP addresses to PPP users or assign

an IP address to a PPP user directly.

You can enter an IP address or select an address pool. You can add an

address pool and modify or delete a selected address pool by using the

Add, Modify, and Delete buttons. For information about how to add an

address pool, see "Specifying an IP address pool."

If you select Auto Assigned for User Address for PPP users that need to

authenticated, all the address

pools in the relevant domain are used in

ascending order of pool number for IP address allocation.

Assign Address

Forcibly

Specify whether to force the peer end to use the IP address assigned by the

local end. If you enable this function, the peer end is not allowed to use its

locally configured IP address.

Advanced

Configuration

Hello Interval

Specify the interval between sending hello packets.

To check the connectivity of a tunnel, the LAC and LNS regularly send Hello

packets to each other. When receiving a Hello packet, the LAC/LNS

returns a response packet. If the LAC or LNS receives no Hello response

packet from the peer within a specific period of time, it retransmits the

Hello packet. If it receives no response packet from the peer after

transmitting the Hello packet for three times, it considers that the L2TP

tunnel is down and tries to re-establish a tunnel with the peer.

The Hello intervals on the LAC and LNS ends of the tunnel can be different.

AVP Hidden

Specify whether to transfer AVP data in hidden mode.

With L2TP, some parameters are transferred as AVP data. You can

configure an LAC to transfer AVP data in hidden mode, so that AVP data is

encrypted before transmission for higher security.

This configuration is invalid on an LNS. The device cannot resolve hidden

challenge AVPs/challenge response AVPs.

Flow Control

Specify whether to enable flow control for the L2TP tunnel.

The L2TP tunnel flow control function is for control of data packets in

transmission. The flow control function helps in buffering and adjusting the

received out-of-order data packets.

Mandatory

CHAP

Specify user authentication on the LNS end.