HP VPN Firewall Appliances VPN Configuration Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module

241

242

243

244

245

246

247

248

249

250

240

Ste

Command

Remarks

3. Assign an IP address to the VT

interface or enable IP address

negotiation so that the VT

interface accepts the IP address

negotiated with the peer.

• ip address address mask

• ip address ppp-negotiate

Use either command.

By default, no IP address is

assigned by default.

4. Configure the authentication

method for the LAC to use to

authenticate the virtual PPP user.

ppp authentication-mode { chap

| pap } * [ domain isp-name ]

By default, no authentication is

performed for PPP users.

5. Configure the username and

password for PAP authentication

or CHAP authentication.

• Method 1:

Configure the username and

password for PAP

authentication:

ppp pap local-user username

password { cipher | simple }

password

• Method 2:

Configure the username and

password for CHAP

authentication:

a. ppp chap user username

b. ppp chap password

{ cipher | simple }

password

Use one method according to the

authentication method configured

on the LAC for virtual PPP users.

By default:

• No PAP username and

password are configured for

PPP users.

• No CHAP username and

password are configured for

PPP users.

6. Configure AAA authentication

for VPN users on the LAC side.

See "Configuring AAA

authentication for VPN users on

LAC side."

N/A

7. Trigger the LAC to establish an

L2TP tunnel with the LNS.

l2tp-auto-client enable

By default, an LAC does not

establish an L2TP tunnel.

For more information about commands interface virtual-template, ppp authentication-mode, ppp pap,

and ppp chap, see Network Management Command Reference.

Configuring an LNS

An LNS responds to the tunneling requests from an LAC, authenticates users, and assigns IP addresses to

users.

Before configuring an LNS, enable L2TP and create an L2TP group.

Creating a VT interface

A VT interface is intended to provide parameters for virtual access interfaces to be dynamically created

by the device, such as logical MP interfaces and logical L2TP interfaces.

After an L2TP session is established, a virtual access interface is needed for a data exchange with the

peer. An LNS can use different VA interfaces to exchange data with different LACs. You need to specify

the VT interface for receiving calls. The system will dynamically create a VA interface based on the

configuration parameters in the specified VT interface.

To create a VT interface: