TMS zl Management and Configuration Guide ST.1.1.100430

Layer 2 Tunneling Protocol (L2TP) over IPsec Concepts
Microsoft VPN clients use Layer 2 Tunneling Protocol (L2TP) over IPsec to
establish VPN connections. The TMS zl Module can act as a gateway for these
endpoints, allowing them remote access to the private network.
L2TP is a session-layer protocol (Layer 5) that mimics a data-link protocol
(Layer 2). It tunnels a Point-to-Point Protocol (PPP) connection between two
endpoints within UDP datagrams. Typically, the tunneled traffic is transmitted
in IP packets over a public network such as the Internet.
L2TP tunnels data, but it does not secure it. With L2TP over IPsec, the L2TP
session is encapsulated and secured by IPsec.
An L2TP over IPsec session is established in the following way:
1. A remote endpoint and the TMS zl Module negotiate an IPsec tunnel for
L2TP messages.
You set up IKE to negotiate the IPsec tunnel. The module and the remote
client must use IKE preshared keys to authenticate each other. The IPsec
tunnel must use ESP for the protocol.
See “IPsec Concepts” on page 7-9 if you want to learn more about IPsec.
2. The TMS zl Module (which is the L2TP gateway) and the remote VPN
client establish an L2TP tunnel.
The L2TP messages are sent on UDP 1701. In the course of establishing
the tunnel, the module and the remote client can authenticate each other
again using CHAP, PAP, or MS-CHAP.