Lucent Technologies 6000 User Manual
Setting Up Virtual Private Networks
Configuring L2TP tunnels for dial-in clients
MAX 6000/3000 Network Configuration Guide
LNS, the unit sends the Client ID to the LNS and the end points use the tunnel password (the
shared secret) to authenticate the tunnel. Following is a sample Tunnel Options profile that
specifies a password and local system name for use in tunnel authentication:
Ethernet
   Connections
      maxprofile
         Tunnel options...
            Profile type=Mobile-client
            Tunnel protocol=L2TP
            Max tunnels=N/A
            ATMP HA RIP=N/A
            UDP Port=N/A
            Home Network Name=N/A
            Pri. Tunnel Server=199.33.
            Sec. Tunnel Server=
            Password=ts-pass
            Client ID=ts-lac
            Tunnel VRouter=
Following is a comparable RADIUS profile:
lns.example.com Password = "", Service-Type=Dialout,
    Tunnel-Password=ts-pass,
    Tunnel-Client-Auth-ID=ts-LAC
Creating parallel L2TP tunnels to the same end point
After the LAC has authenticated a PPP client’s dial-in call, it looks for an existing tunnel that
matches both the tunnel-server end point and Client ID specified in the client’s profile. If the
LAC finds an established tunnel that matches these values, it uses the tunnel. If it does not find
a matching tunnel, it initiates a tunnel request. This process can be used to create parallel L2TP
tunnels by specifying different Client ID values in profiles.
How the system finds a matching tunnel
If the client’s profile specifies a hostname as the tunnel-server end point, the system must
match both the hostname and the server’s actual IP address to allow the client to use an
established tunnel.
If Client ID is specified in the caller’s profile, the system attempts to match the caller to an
existing tunnel by using the following values:
• The tunnel server’s IP address (and hostname, if specified)
• The Client ID
If no Client ID value is specified in the caller’s profile, the system attempts to match the caller
to an existing tunnel by using the tunnel server’s IP address (and hostname, if specified).
If it finds a match on the basis of those values, it uses the tunnel. If the MAX unit does not find
a matching tunnel entry, it initiates a new tunnel request.