HP VPN Firewall Appliances VPN Configuration Guide

those locally configured for VPN users. If an L2TP group's tunnel peer name and domain name match,
the LNS establishes a session according to the group configuration. Thus, different sessions can be
established for VPN users of different domains.
If multiple L2TP groups on the LNS are configured with the same remote tunnel name, make sure that their
tunnel authentication settings are the same. Mismatching tunnel authentication keys will result in tunnel
establishment failure.
To enable L2TP for VPNs:
Step                          Command          Remarks
1. Enter system view.         system-view      N/A
2. Enable L2TP for VPNs.      l2tp enable      Disabled by default.
Configuring L2TP connection parameters
These L2TP connection parameter configuration tasks apply to both LACs and LNSs and are optional.
Configuring L2TP tunnel authentication
You can enable tunnel authentication to allow the LAC and LNS to authenticate each other. Either the
LAC or the LNS can initiate a tunnel authentication request. To implement tunnel authentication, enable
tunnel authentication on both the LAC and LNS, and configure the same non-null key on them.
To ensure tunnel security, enable tunnel authentication.
To change the tunnel authentication key, do so after tearing down the tunnel. Otherwise, your change
does not take effect.
To configure L2TP tunnel authentication:
Step                                          Command                                         Remarks
1. Enter system view.                         system-view                                     N/A
2. Enter L2TP group view.                     l2tp-group group-number                         N/A
3. Enable L2TP tunnel authentication.         tunnel authentication                           Optional. Enabled by default.
4. Configure the tunnel authentication key.   tunnel password { cipher | simple } password    The key is null by default.
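The following added example (not from the HP guide) simulates the mutual tunnel authentication exchange as RFC 2661 defines it, assuming the appliance follows that standard: each side proves knowledge of the key by returning MD5(message type || key || challenge). The function names, the null-key refusal and the sample keys are constructed for illustration.

```python
import hashlib
import hmac
import os

SCCRP, SCCCN = 2, 3  # RFC 2661 Message Type values, used as the CHAP ID


def challenge_response(msg_type: int, key: bytes, challenge: bytes) -> bytes:
    """Challenge Response AVP value: MD5(CHAP ID || shared key || challenge)."""
    return hashlib.md5(bytes([msg_type]) + key + challenge).digest()


def verify(msg_type: int, key: bytes, challenge: bytes, response: bytes) -> bool:
    """Check a peer's response using a constant-time comparison."""
    expected = challenge_response(msg_type, key, challenge)
    return hmac.compare_digest(expected, response)


def establish_tunnel(lac_key: bytes, lns_key: bytes) -> str:
    """Simulate the authentication carried in SCCRQ, SCCRP and SCCCN."""
    # Assumption: model the guide's "same non-null key" rule as a hard refusal.
    # What a real device does with a null key is not modelled here.
    if not lac_key or not lns_key:
        return "rejected: null key configured"
    # SCCRQ (LAC -> LNS): carries the LAC's random challenge.
    lac_challenge = os.urandom(16)
    # SCCRP (LNS -> LAC): answers the LAC's challenge and adds the LNS's own.
    lns_response = challenge_response(SCCRP, lns_key, lac_challenge)
    lns_challenge = os.urandom(16)
    if not verify(SCCRP, lac_key, lac_challenge, lns_response):
        return "failed: LAC rejected the LNS response"
    # SCCCN (LAC -> LNS): answers the LNS's challenge.
    lac_response = challenge_response(SCCCN, lac_key, lns_challenge)
    if not verify(SCCCN, lns_key, lns_challenge, lac_response):
        return "failed: LNS rejected the LAC response"
    return "established"


if __name__ == "__main__":
    # Constructed sample keys, not values from any real configuration.
    print(establish_tunnel(b"S3cret-Key", b"S3cret-Key"))
    print(establish_tunnel(b"S3cret-Key", b"Other-Key"))
```

The key itself never crosses the wire, so a mismatch only shows up as a failed response check during tunnel setup, which is why differing keys on the two ends prevent the tunnel from establishing.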
Setting the hello interval
To check the connectivity of a tunnel, the LAC and LNS regularly send each other hello packets. On
receipt of a hello packet, the LAC or LNS returns a response packet. If the LAC or LNS receives no hello
response packet from the peer within a specific period of time, it retransmits the hello packet. If it receives
no response packet from the peer after transmitting the hello packet three times, it considers the L2TP
tunnel to be down and tries to re-establish a tunnel with the peer.
To set the hello interval:
Step                          Command          Remarks
1. Enter system view.         system-view      N/A