How the MAX creates L2TP tunnels, Proxy LCP and authentication support for L2TP, Figure 11-8 L2TP tunnel across the Internet – Lucent Technologies 6000 User Manual

MAX 6000/3000 Network Configuration Guide

Setting Up Virtual Private Networks
Configuring L2TP tunnels for dial-in clients

Figure 11-8 shows an ISP POP MAX, acting as an LAC, communicating across the WAN with
a private network. Clients dial into the ISP POP and are forwarded across the Internet to the
private network.

Figure 11-8. L2TP tunnel across the Internet

How the MAX creates L2TP tunnels

The dial-in client, the LAC, and the LNS establish, use, and terminate an L2TP-tunnel
connection as follows:

1. A client dials, over either a modem or ISDN connection, into the LAC.

2. On the basis of dialed number or after authentication (depending on the LAC configuration), the LAC communicates with the LNS to establish an IP connection.

3. Over the IP connection, the LAC and LNS establish a control channel.

4. The LAC sends an Inbound Call Request to the LNS.

5. Depending on the LNS configuration, the client might need to authenticate itself a second time.

6. After successful authentication, the tunnel is established, and data traffic flows.

7. When the client disconnects from the LAC, the LAC sends a Call Disconnect Notify message to the LNS. The LAC and LNS disconnect the tunnel.

Proxy LCP and authentication support for L2TP

If a PPP client’s profile is configured to initiate an L2TP tunnel, the MAX unit attempts to
open a tunnel (or reuse an existing one) following initial authentication of the connection. It
can open a tunnel after completing CLID or DNIS authentication or after authenticating the
caller’s name and password. If the LAC authenticates the initial dial-in call using a name and
password, it negotiates Link Control Protocol (LCP) with the client and opens the PPP Auth
state to determine who the client is, so it can contact the appropriate LNS.

With earlier versions of the system software, when the LAC contacted the LNS for a client
connection, it sent an empty LCP Config Request packet in the data stream. When the LNS
received the packet, it restarted LCP negotiations and authenticated the client. With currently
supported proxy LCP, instead of an empty LCP Config Request, the LAC sends the LNS the
following information:

The first LCP Config Request packet received from the client.

The last LCP Config Request packet received from the client.
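To see what the LNS actually receives in the proxy LCP hand-off described above, the following Python is an added example, not code from the manual or from Lucent. It parses an L2TP control message using the header and AVP layout of RFC 2661 and returns the proxied LCP Config Request options. The message type values and AVP numbers 26 to 28 are taken from that RFC rather than from this page, and the sample packet is constructed.

```python
import struct

MSG_TYPES = {1: "SCCRQ", 2: "SCCRP", 3: "SCCCN", 10: "ICRQ", 11: "ICRP", 12: "ICCN", 14: "CDN"}
# RFC 2661 AVPs that carry proxy LCP state from the LAC to the LNS.
PROXY_LCP = {26: "Initial Received LCP CONFREQ", 27: "Last Sent LCP CONFREQ", 28: "Last Received LCP CONFREQ"}

def parse_control(pkt):
    """Return (message name, tunnel id, session id, AVP list); ValueError if malformed."""
    if len(pkt) < 12:
        raise ValueError("short header")
    flags, length, tid, sid, _ns, _nr = struct.unpack("!6H", pkt[:12])
    if flags & 0xC80F != 0xC802 or length != len(pkt):   # T, L, S set; version 2
        raise ValueError("not a well-formed L2TPv2 control message")
    avps, off = [], 12
    while off < length:
        if length - off < 6:
            raise ValueError("truncated AVP header")
        bits, vendor, atype = struct.unpack("!3H", pkt[off:off + 6])
        alen = bits & 0x03FF                  # 10-bit length, includes the 6-byte header
        if alen < 6 or off + alen > length:
            raise ValueError("bad AVP length")
        avps.append({"type": atype, "vendor": vendor, "hidden": bool(bits & 0x4000),
                     "value": pkt[off + 6:off + alen]})
        off += alen
    if not avps or (avps[0]["vendor"], avps[0]["type"]) != (0, 0) or len(avps[0]["value"]) != 2:
        raise ValueError("first AVP must be Message Type")   # ZLB acks are rejected too
    mtype = int.from_bytes(avps[0]["value"], "big")
    return MSG_TYPES.get(mtype, str(mtype)), tid, sid, avps[1:]

def lcp_options(body):
    """Split a proxied CONFREQ body into (option type, option data) pairs."""
    opts, i = [], 0
    while i < len(body):
        if len(body) - i < 2 or body[i + 1] < 2 or i + body[i + 1] > len(body):
            raise ValueError("bad LCP option")
        opts.append((body[i], body[i + 2:i + body[i + 1]]))
        i += body[i + 1]
    return opts

def proxy_lcp(avps):
    """Map proxy LCP AVP name to parsed options, or None when the AVP is hidden."""
    return {PROXY_LCP[a["type"]]: None if a["hidden"] else lcp_options(a["value"])
            for a in avps if a["vendor"] == 0 and a["type"] in PROXY_LCP}

def _avp(atype, value, m=0):                  # builder for the constructed sample only
    return struct.pack("!3H", m | (6 + len(value)), 0, atype) + value
# Constructed, trimmed ICCN (tunnel 7, session 3): client first asked MRU 1500, last 1400.
_body = _avp(0, b"\x00\x0c", 0x8000) + _avp(26, b"\x01\x04\x05\xdc") + _avp(28, b"\x01\x04\x05\x78")
SAMPLE_ICCN = struct.pack("!6H", 0xC802, 12 + len(_body), 7, 3, 2, 1) + _body
```

A `None` value in the result means the LAC hid that AVP with the tunnel shared secret. A parsed option list means the client's LCP parameters crossed the Internet readable to anyone on the path.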

[Figure 11-8 labels: Dial-in clients, Modem, LAC, Internet, L2TP tunnel, LNS, P50, RADIUS server, Private network]
