L2TP features, Protocols and standards – H3C Technologies H3C SecPath F1000-E User Manual
14. The RADIUS server authenticates the access request and returns a response if the user passes authentication.
15. The LNS assigns an internal IP address to the remote user. Now, the user can access the internal resources of the enterprise network.
L2TP features
• Flexible identity authentication mechanism and high security
L2TP itself does not provide security for connections. However, because it allows for PPP authentication (CHAP or PAP), it has all the security features of PPP. L2TP can also cooperate with IPsec to guarantee data security, making tunneled data more resistant to attacks. In addition, tunnel encryption, end-to-end data encryption, and end-to-end application-layer data encryption technologies can be used together with L2TP for higher data security as required.
• Multi-protocol transmission
L2TP tunnels PPP frames, which can be used to encapsulate packets of multiple network layer protocols.
• RADIUS authentication
An LAC and LNS can send the username and password of a remote user to a RADIUS server for authentication.
• Private address allocation
An LNS can reside behind the firewall of a corporate network, dynamically allocating private addresses to remote users and managing the corporate private addresses (RFC 1918). This facilitates address management and improves security.
• Accounting flexibility
Accounting can be carried out on the LAC and LNS simultaneously, allowing bills to be generated on the ISP side and charging and auditing to take place on the enterprise gateway. L2TP can provide such accounting data as statistics on inbound and outbound traffic (in packets and bytes) and connection start time and end time. All these enable flexible accounting.
• Reliability
L2TP supports LNS backup. When the connection to the primary LNS is torn down, an LAC can establish a new one with a secondary LNS, enhancing the reliability and fault tolerance of VPN services.
Protocols and standards
• RFC 1661, The Point-to-Point Protocol (PPP)
• RFC 1918, Address Allocation for Private Internets
• RFC 2661, Layer Two Tunneling Protocol "L2TP"