HP VPN Firewall Appliances VPN Configuration Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module

251

252

253

254

255

256

257

258

259

260

251

[LAC] l2tp enable

[LAC] l2tp-group 1

# Configure the local tunnel name and specify the IP address of the tunnel peer (LNS).

[LAC-l2tp1] tunnel name LAC

[LAC-l2tp1] start l2tp ip 3.3.3.2 fullusername vpdnuser

# Enable tunnel authentication and configure the authentication key.

[LAC-l2tp1] tunnel authentication

[LAC-l2tp1] tunnel password simple aabbcc

[LAC-l2tp1] quit

# Configure the PPP authentication method PAP, authentication username vpdnuser, and

password Hello for the virtual PPP user.

[LAC] interface virtual-template 1

[LAC-Virtual-Template1] ip address ppp-negotiate

[LAC-Virtual-Template1] ppp pap local-user vpdnuser password simple Hello

[LAC-Virtual-Template1] ppp authentication-mode pap

[LAC-Virtual-Template1] quit

# Configure a static route so that packets destined for the corporate will be forwarded through the

L2TP tunnel.

[LAC] ip route-static 10.1.0.0 16 virtual-template 1

# Create a local user, configure the username and password, and specify the service type as PPP.

[LAC] local-user vpdnuser

[LAC-luser-vpdnuser] password simple Hello

[LAC-luser-vpdnuser] service-type ppp

# Trigger the LAC to establish an L2TP tunnel with the LNS.

[LAC] interface virtual-template 1

[LAC-virtual-template1] l2tp-auto-client enable

NOTE:

On each host connected to the LAC or LNS, configure the gateway as the LAC or LNS.

3. Verify the configuration:

# On the LNS, perform the display l2tp session command to view the established L2TP session.

[LNS] display l2tp session

Total session = 1

LocalSID RemoteSID LocalTID

8279 6822 1

# On the LNS, perform the display l2tp tunnel command to view the established L2TP tunnel.

[LNS] display l2tp tunnel

Total tunnel = 1

LocalTID RemoteTID RemoteAddress Port Sessions RemoteName

1 1 3.3.3.1 1701 1 LAC

# On the LNS, you should be able to ping 10.2.0.1, a private network address on the LAC side.

This indicates that hosts on 10.2.0.0/16 and those on 10.1.0.0/16 can communicate with each

other through the L2TP tunnel.

[LNS] ping -a 10.1.0.1 10.2.0.1