HP VPN Firewall Appliances VPN Configuration Guide
Step 2. Enter L2TP group view.
    Command: l2tp-group group-number
Step 3. Enable the device to initiate tunneling requests to one or more IP addresses for one or more specified VPN users.
    Command: start l2tp { ip ip-address }&<1-5> { domain domain-name | fullusername user-name }
Configuring an LAC to transfer AVP data in hidden mode
With L2TP, some parameters are transferred as AVP data. To improve security, you can configure an LAC
to transfer AVP data in hidden mode—to encrypt AVP data before transmission.
This configuration takes effect only when tunnel authentication is enabled. For more information about
configuring tunnel authentication, see "Configuring L2TP tunnel authentication."
NOTE:
The device cannot resolve hidden challenge AVPs or hidden challenge response AVPs.
To configure an LAC to transfer AVP data in hidden mode:
Step 1. Enter system view.
    Command: system-view
    Remarks: N/A
Step 2. Enter L2TP group view.
    Command: l2tp-group group-number
    Remarks: N/A
Step 3. Specify that AVP data be transferred in hidden mode.
    Command: tunnel avp-hidden
    Remarks: Optional. By default, AVP data is transferred in plain text.
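Why hidden mode depends on tunnel authentication, shown as an added example that is not taken from the HP guide: standard L2TP AVP hiding (RFC 2661, section 4.3) derives its keystream from the tunnel shared secret and a Random Vector AVP. That the device follows the RFC exactly is an assumption, and the secret, attribute choice and value below are constructed samples.

```python
import hashlib
import os
import struct

CALLING_NUMBER = 22  # L2TP attribute type that RFC 2661 allows to be hidden


def _xor_stream(data, attr_type, secret, rv, decrypt):
    """XOR data with the MD5-chained keystream of RFC 2661 section 4.3."""
    out = bytearray()
    # First block key: MD5(attribute type | shared secret | Random Vector).
    key = hashlib.md5(struct.pack("!H", attr_type) + secret + rv).digest()
    for i in range(0, len(data), 16):
        chunk = data[i:i + 16]
        xored = bytes(a ^ b for a, b in zip(chunk, key))
        out += xored
        # Later block keys: MD5(shared secret | previous ciphertext block).
        key = hashlib.md5(secret + (chunk if decrypt else xored)).digest()
    return bytes(out)


def hide_avp(value, attr_type, secret, rv, pad_len=0):
    """Build the hidden subformat (length | value | padding) and encrypt it."""
    sub = struct.pack("!H", len(value)) + value + os.urandom(pad_len)
    return _xor_stream(sub, attr_type, secret, rv, decrypt=False)


def unhide_avp(hidden, attr_type, secret, rv):
    """Decrypt a hidden AVP value; reject an impossible embedded length."""
    if len(hidden) < 2:
        raise ValueError("hidden AVP value too short")
    sub = _xor_stream(hidden, attr_type, secret, rv, decrypt=True)
    (length,) = struct.unpack("!H", sub[:2])
    if length > len(sub) - 2:
        raise ValueError("bad length: wrong tunnel secret or Random Vector")
    return sub[2:2 + length]


if __name__ == "__main__":
    secret = b"constructed-tunnel-secret"   # constructed sample tunnel password
    rv = os.urandom(16)                      # carried in the Random Vector AVP
    value = b"0015550100#ext-4521"           # constructed calling number
    hidden = hide_avp(value, CALLING_NUMBER, secret, rv, pad_len=5)
    print("on the wire:", hidden.hex())
    print("peer recovers:", unhide_avp(hidden, CALLING_NUMBER, secret, rv))
```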
Configuring AAA authentication for VPN users on LAC side
You can configure an LAC to perform AAA authentication for VPN users and initiate a tunneling request
only for qualified users. No tunnel will be established for unqualified users.
The device supports both local AAA authentication and remote AAA authentication:
• For local AAA authentication, create a local user and configure a password for each remote user
on the LAC. The LAC authenticates a remote user by matching the provided username and
password against those configured locally.
• For remote AAA authentication, configure the username and password of each user on the
RADIUS/HWTACACS server. The LAC sends the remote user's username and password to the
server to authenticate.
1. Configuration restrictions and guidelines
When you configure AAA authentication for VPN users on the LAC side, follow these guidelines:
   ◦ For successful user authentication, configure PPP on the LAC's corresponding interface, for
   example, the asynchronous serial interface that connects with users. For PPP configuration
   information, see "Configuring PPP and MP."
   ◦ Configure the authentication type of PPP users as PAP, CHAP, or MS-CHAP on the user access
   interfaces.
2. Configuration procedure
To configure local authentication, authorization, and accounting: