Introduction, L2tp configuration, Static authentication – Patton electronic 29XX User Manual
Page 291
Introduction
291
Access Server Administrators’ Reference Guide
24 • Layer 2 Tunneling Protocol (L2TP)
Introduction
This chapter explains the operation of the L2TP feature on the Patton Electronics Remote Access Servers. This
feature has been introduced into the Patton RAS line with the 3.8.4 software release.
The L2TP Software supports the following features:
•
Shared Tunnel Support
If multiple clients requests an L2TP Tunnel to the same LNS, they will use the same tunnel
•
Multiple Tunnel Support
If a client requests a connection to a new L2TP Tunnel then a new tunnel will be established.
•
Keep Alive Messages
•
Full Challenge and Challenge Response check for each tunnel authentication request
•
Hostname verification supported when configured for authentication-ID support
•
Packet sequence checking and support
•
No AVP Hiding supported
•
CPU Idle Time available to the web interface on the Home Page
•
LNS IP Address displayed on the dialin-all web interface page
•
Tunnel Id displayed on the dialin-all web interface page.
L2TP provides a means of "backhauling" the PPP connection from the local RAS device, which will provide
the physical work on terminating the phone call, and the Access Server which will authenticate the call. The
RAS will be acting a LAC (L2TP Access Concentrator) in this application. A seperate device, typically a Cisco
router, will be acting as the LNS (L2TP Network Server).
L2TP Configuration
The Patton Electronics' Remote Access Server can be configured to initiate an L2TP tunnel using either Static
Authentication or RADIUS Authentication. The following information defines the configuration and the fea-
tures which are available.
Static Authentication
The user has the ability to initiate an L2TP tunnel for a dialed in user based on a staticly configured username.
This is done by configuring the service for "VPN" and defining the IP Address of the LNS as the Service IP.
It is important to note that when configuring the device using static authentication neither the hostname veri-
fication or password protection is enabled on the link.