HP VPN Firewall Appliances VPN Configuration Guide
237
Task Remarks
Configuring L2TP connection
parameters
Configuring L2TP tunnel authentication
Optional.
Setting the hello interval
Enabling tunnel flow control
Disconnecting tunnels by force
Configuring basic L2TP capability
An L2TP group is intended to represent a group of parameters and corresponds to one VPN user or one
group of VPN users. This enables not only flexible L2TP configuration on devices, but also one-to-one and
one-to-many networking applications for LACs and LNSs. An L2TP group only has local significance.
However, you must make sure that the relevant settings of the L2TP groups on the LAC and LNS match. For
example, the local tunnel name configured on the LAC must match the remote tunnel name configured on
the LNS.
L2TP must be enabled for L2TP configuration to take effect. Tunnel names are used during tunnel
negotiation between an LAC and an LNS.
To configure basic L2TP capability:
Ste
p
Command
Remarks
1. Enter system view.
system-view N/A
2. Enable L2TP.
l2tp enable Disabled by default.
3. Create an L2TP group and
enter its view.
l2tp-group group-number By default, no L2TP group exists.
4. Specify the local name of the
tunnel.
tunnel name name
Optional.
The system name of the device is
used by default.
Configuring an LAC
An LAC is responsible for establishing tunnels with LNSs for users and sends user packets to LNSs through
the tunnels. Before configuring an LAC, enable L2TP and create an L2TP group.
Configuring an LAC to initiate tunneling requests for specified users
An LAC initiates tunneling requests only to specified LNSs for specified users. You can specify the users
to be serviced and the LNSs that will be connected. Users can be specified by their fully qualified name
or the domain name.
Up to five LNSs can be configured. The LAC initiates an L2TP tunneling request to its specified LNSs
consecutively in their configuration order until it receives an acknowledgement from an LNS, which then
becomes the tunnel peer.
To configure the LAC:
Ste
p
Command
1. Enter system view.
system-view