HP VPN Firewall Appliances VPN Configuration Guide
Step 1. Enter system view.
  Command: system-view
  Remarks: N/A

Step 2. Create a VT interface and enter its view.
  Command: interface virtual-template virtual-template-number
  Remarks: By default, no VT interface exists.

Configuring the local address and the address pool for allocation
After an L2TP tunnel is set up between an LAC and an LNS, the LNS needs to assign an IP address to
the VPN user. You can either specify an IP address directly or specify an address pool. Before
specifying an address pool, use the ip pool command in system view or ISP domain view to define the
address pool. For a VPN user that requires authentication, the IP address is selected from the
address pool configured in ISP domain view. For a VPN user that does not require authentication,
the IP address is selected from the global address pool defined in system view.
For details about the ip pool command, see Access Control Command Reference.
To configure a local address and address pool:
Step 1. Enter system view.
  Command: system-view
  Remarks: N/A

Step 2. Enter VT interface view.
  Command: interface virtual-template virtual-template-number
  Remarks: N/A

Step 3. Configure the local IP address.
  Command: ip address ip-address { mask | mask-length } [ sub ]
  Remarks: N/A

Step 4. Configure the authentication mode for PPP users.
  Command: ppp authentication-mode { chap | ms-chap | pap } * [ [ call-in ] domain isp-name ]
  Remarks: Optional. By default, no authentication is performed for PPP users.

Step 5. Specify the address pool for allocating an IP address to a PPP user, or assign an IP address to the user directly.
  Command: remote address { pool [ pool-number ] | ip-address }
  Remarks: Optional. By default, address pool 0 (the default address pool) is used.

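An added example, not part of the HP guide: a small Python audit that reads configuration text and flags VT interfaces that rely on the two defaults stated in the procedure above (no PPP authentication, address pool 0) or that permit PAP, which sends the password in cleartext. The sample configuration, the domain name vpn-users, the finding labels, and the assumed layout of the text (interface header line, indented commands, # separators) are constructed for illustration.

```python
import re

# Constructed sample configuration text (not taken from the guide).
SAMPLE_CONFIG = """\
interface Virtual-Template1
 remote address pool 1
#
interface Virtual-Template2
 ppp authentication-mode pap chap domain vpn-users
#
interface Virtual-Template3
 ppp authentication-mode chap domain vpn-users
 remote address pool 1
"""

VT_HEADER = re.compile(r"^interface\s+virtual-template\s*(\d+)\s*$", re.I)
PPP_MODES = {"chap", "ms-chap", "pap"}


def vt_bodies(config_text):
    """Map each VT interface number to its indented, tokenized command lines."""
    bodies, current = {}, None
    for line in config_text.splitlines():
        header = VT_HEADER.match(line)
        if header:
            current = int(header.group(1))
            bodies[current] = []
        elif current is not None and line[:1].isspace():
            bodies[current].append(line.lower().split())
        else:
            current = None  # "#" separator or another top-level section
    return bodies


def audit_vt_interfaces(config_text):
    """Return {vt_number: [finding, ...]} based on the defaults the guide states."""
    report = {}
    for number, body in vt_bodies(config_text).items():
        modes = set()
        for tokens in body:
            if tokens[:2] == ["ppp", "authentication-mode"]:
                end = tokens.index("domain") if "domain" in tokens else len(tokens)
                modes |= PPP_MODES.intersection(tokens[2:end])  # skip the domain name
        has_remote = any(t[:2] == ["remote", "address"] for t in body)
        checks = [("no-ppp-authentication", not modes),  # guide: default is no PPP auth
                  ("pap-allowed", "pap" in modes),       # PAP sends the password in clear
                  ("default-pool-0", not has_remote)]    # guide: pool 0 used by default
        report[number] = [name for name, hit in checks if hit]
    return report
```

Calling audit_vt_interfaces(SAMPLE_CONFIG) reports Virtual-Template1 as unauthenticated, Virtual-Template2 as permitting PAP and falling back to pool 0, and Virtual-Template3 with no findings.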
Configuring an LNS to grant certain L2TP tunneling requests
When it receives a tunneling request, an LNS determines whether to grant the request by checking
whether the tunnel name of the LAC matches the one configured, and determines which VT interface
to use to create the VA interface.
The start l2tp command and the allow l2tp command are mutually exclusive. Configuring one of them
automatically disables the other.
The LAC-side tunnel name configured on the LNS must be consistent with the local tunnel name
configured on the LAC.
To configure an LNS to grant certain L2TP tunneling requests:
Step 1. Enter system view.
  Command: system-view
  Remarks: N/A

Step 2. Enter L2TP group view.
  Command: l2tp-group group-number
  Remarks: N/A