Lucent Technologies 6000 User Manual

Setting Up Virtual Private Networks

Configuring L2TP tunnels for dial-in clients

MAX 6000/3000 Network Configuration Guide

LNS, the unit sends the Client ID to the LNS and the end points use the tunnel password (the
shared secret) to authenticate the tunnel. Following is a sample Tunnel Options profile that
specifies a password and local system name for use in tunnel authentication:

    Ethernet
      Connections
        maxprofile
          Tunnel options...
            Profile type=Mobile-client
            Tunnel protocol=L2TP
            Max tunnels=N/A
            ATMP HA RIP=N/A
            UDP Port=N/A
            Home Network Name=N/A
            Pri. Tunnel Server=199.33.
            Sec. Tunnel Server=
            Password=ts-pass
            Client ID= ts-lac
            Tunnel VRouter=

Following is a comparable RADIUS profile:

    lns.example.com Password = "", Service-Type=Dialout,
        Tunnel-Password=ts-pass,
        Tunnel-Client-Auth-ID=ts-LAC

Creating parallel L2TP tunnels to the same end point

After the LAC has authenticated a PPP client’s dial-in call, it looks for an existing tunnel that
matches both the tunnel-server end point and Client ID specified in the client’s profile. If the
LAC finds an established tunnel that matches these values, it uses the tunnel. If it does not find
a matching tunnel, it initiates a tunnel request. This process can be used to create parallel L2TP
tunnels by specifying different Client ID values in profiles.

How the system finds a matching tunnel

If the client’s profile specifies a hostname as the tunnel-server end point, the system must
match both the hostname and the server’s actual IP address to allow the client to use an
established tunnel.

If Client ID is specified in the caller’s profile, the system attempts to match the caller to an
existing tunnel by using the following values:

  • The tunnel server’s IP address (and hostname, if specified)

  • The Client ID

If no Client ID value is specified in the caller’s profile, the system attempts to match the caller
to an existing tunnel by using the tunnel server’s IP address (and hostname, if specified).

If it finds a match on the basis of those values, it uses the tunnel. If the MAX unit does not find
a matching tunnel entry, it initiates a new tunnel request.
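
The matching rules above, modeled as an added example (not code from the manual or from MAX firmware). The Lac class, the dns table and the 192.0.2.10 address are constructed for illustration, and the example assumes that a tunnel opened by IP address does not satisfy a profile that names the server by hostname.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Tunnel:
    server_ip: str
    server_host: Optional[str]   # set only when the profile named the LNS by hostname
    client_id: Optional[str]

def _is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

class Lac:
    """Toy model of the LAC's tunnel table (hypothetical, not MAX firmware)."""
    def __init__(self, dns):
        self.dns = dns            # constructed hostname -> IP table, stands in for DNS
        self.tunnels = []

    def select_tunnel(self, server, client_id=None):
        """Return (tunnel, reused) for an authenticated caller's profile."""
        host = None if _is_ip(server) else server
        ip = server if host is None else self.dns[host]
        for t in self.tunnels:
            if t.server_ip != ip:
                continue
            if host is not None and t.server_host != host:
                continue          # hostname given: hostname and IP must both match
            if client_id is not None and t.client_id != client_id:
                continue          # Client ID given: it must match too
            return t, True
        t = Tunnel(ip, host, client_id)   # no match: initiate a new tunnel request
        self.tunnels.append(t)
        return t, False

def demo():
    lac = Lac({"lns.example.com": "192.0.2.10"})   # constructed sample address
    results = [
        lac.select_tunnel("lns.example.com", "ts-lac"),    # first caller: new tunnel
        lac.select_tunnel("lns.example.com", "ts-lac"),    # same end point + ID: reuse
        lac.select_tunnel("lns.example.com", "ts-lac-2"),  # different ID: parallel tunnel
        lac.select_tunnel("192.0.2.10"),                   # no Client ID: IP match only
    ]
    return [reused for _, reused in results], len(lac.tunnels)
```

Under this reading, a profile with no Client ID is placed on the first established tunnel to that server, so callers that must stay on separate tunnels each need an explicit Client ID in their profile.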
