TMS zl Management and Configuration Guide ST.1.0.090213

7-96
Virtual Private Networks
Layer 2 Tunneling Protocol (L2TP) over IPsec
Layer 2 Tunneling Protocol (L2TP) over IPsec
Microsoft VPN clients use Layer 2 Tunneling Protocol (L2TP) over IPsec to
establish VPN connections. The TMS zl Module can act as a gateway for these
endpoints, allowing them remote access to the private network.
L2TP over IPsec Overview
L2TP is a session-layer protocol (Layer 5) that mimics a data-link protocol
(Layer 2). It tunnels a Point-to-Point Protocol (PPP) connection between two
endpoints within UDP datagrams. Typically, the tunneled traffic is transmitted
in IP packets over a public network such as the Internet.
L2TP tunnels data, but it does not secure it. With L2TP over IPsec, the L2TP
session is encapsulated and secured by IPsec.
An L2TP over IPsec session is established in the following way:
1. A remote endpoint and the TMS zl Module negotiate an IPsec tunnel for
L2TP messages.
Typically, you should set up IKE to negotiate the IPsec tunnel. The module
and the remote client can use IKE preshared keys or digital certificates to
authenticate each other. The IPsec tunnel must use ESP for the protocol.
See “Overview of IPsec VPNs” on page 7-5.
2. The TMS zl Module (which is the L2TP gateway) and the remote VPN
client establish an L2TP tunnel.
The L2TP messages are sent on UDP port 1701. In the course of establishing
the tunnel, the module and the remote client can authenticate each other
a second time using CHAP, PAP, or MS-CHAP.
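As an added defender-side check that is not part of this guide or of the module's software, the following Python classifies IPv4 packets captured on the gateway's public interface into IKE, ESP and plaintext L2TP, so an administrator can confirm that L2TP on UDP 1701 only ever arrives inside the ESP tunnel described above. IKE on UDP 500 and ESP as IP protocol 50 are standard values assumed here; the addresses and packets are constructed samples.

```python
import struct
from dataclasses import dataclass

L2TP_PORT = 1701   # L2TP messages are sent on UDP 1701 (stated in the guide)
IKE_PORT = 500     # IKE runs on UDP 500 (standard value; assumed, not stated on this page)
ESP_PROTO = 50     # IP protocol number of ESP, the protocol the guide requires
UDP_PROTO = 17

@dataclass
class Flow:
    src: str
    dst: str
    kind: str        # "ike", "esp", "plaintext-l2tp" or "other"
    detail: str = ""

def classify_packet(pkt: bytes) -> Flow:
    """Classify one IPv4 packet seen on the gateway's public interface."""
    ihl, proto = (pkt[0] & 0x0F) * 4, pkt[9]
    src = ".".join(str(b) for b in pkt[12:16])
    dst = ".".join(str(b) for b in pkt[16:20])
    payload = pkt[ihl:]
    if proto == ESP_PROTO:                  # L2TP inside IPsec: the expected case
        spi, seq = struct.unpack("!II", payload[:8])
        return Flow(src, dst, "esp", f"spi=0x{spi:08x} seq={seq}")
    if proto == UDP_PROTO:
        sport, dport = struct.unpack("!HH", payload[:4])
        if IKE_PORT in (sport, dport):
            return Flow(src, dst, "ike")
        if L2TP_PORT in (sport, dport):     # L2TP outside ESP: tunnelled but not secured
            flags_ver = struct.unpack("!H", payload[8:10])[0]  # L2TPv2: bit 15 = T, bits 0-3 = Ver
            kind = "control" if flags_ver & 0x8000 else "data"
            return Flow(src, dst, "plaintext-l2tp", f"{kind} v{flags_ver & 0xF}")
    return Flow(src, dst, "other")

def unprotected_l2tp(pkts: list[bytes]) -> list[Flow]:
    """Flows in which L2TP reached the interface without ESP protection."""
    return [f for f in map(classify_packet, pkts) if f.kind == "plaintext-l2tp"]

# Constructed sample packets: documentation address ranges, zeroed checksums.
def _ipv4(proto: int, src: bytes, dst: bytes, data: bytes) -> bytes:
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(data), 0, 0, 64, proto, 0, src, dst) + data
def _udp(sport: int, dport: int, data: bytes) -> bytes:
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data

CLIENT, GATEWAY = bytes([203, 0, 113, 10]), bytes([198, 51, 100, 1])
SAMPLE_PACKETS = [
    _ipv4(UDP_PROTO, CLIENT, GATEWAY, _udp(IKE_PORT, IKE_PORT, b"\x00" * 28)),          # IKE
    _ipv4(ESP_PROTO, CLIENT, GATEWAY, struct.pack("!II", 0xC0FFEE01, 1) + b"\x00" * 32),  # ESP
    _ipv4(UDP_PROTO, CLIENT, GATEWAY, _udp(L2TP_PORT, L2TP_PORT, struct.pack("!HH", 0xC802, 12) + b"\x00" * 8)),  # bare L2TP
]
```

Running `unprotected_l2tp` over a real capture should return an empty list; any flow it reports is L2TP that the IPsec policy did not cover.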
Configuring L2TP over IPsec
You must complete these tasks to establish a client-to-site VPN that uses L2TP
over IPsec:
1. Create a user group for the L2TP over IPsec users. See “Configuring User
Authentication” in Chapter 4: “Firewall” for instructions on configuring a
user group.