User Manual - Configuration Guide (Volume 3)
Versatile Routing Platform
Chapter 2
Configuration of L2TP
2-2
1) NAS is provided by telecom departments or large ISPs. As the access server of
VPDN, NAS provides WAN interfaces, is responsible for connecting to the PSTN or
ISDN, and supports various LAN protocols, security management and
authentication, as well as tunnels and related techniques.
2) The user-side equipment is located at the user's headquarters. Depending on the
network functions required, it may be equipment that provides functions such as
NAS, router or firewall. LNS in the figure stands for L2TP Network Server.
3) The management tool manages VPDN equipment and users, including NMS and
authentication, authorization and accounting (AAA).
Remote dial-up users dial in to the local ISP's NAS via the local PSTN or ISDN. Using
this local ISP connection and a suitable tunneling protocol to encapsulate the
higher-level protocol, a VPN is established between the NAS and the gateway at the
opposite end.
III. Method to realize VPDN
There are two modes of realizing VPDN:
1) In the first mode, the NAS and the VPDN gateway establish the channel with a
tunneling protocol, connecting the clients' PPP sessions directly to the enterprise
gateways. The protocols currently available are L2F and L2TP. The advantage of this
mode is its transparency to users: with one login, users can access the Intranet,
which authenticates them and assigns addresses without consuming public
addresses, and the platform used to access the network is not restricted. In this
mode, the NAS must support the VPDN protocol and the authentication system must
support VPDN attributes. The gateway is usually a router or a dedicated VPN gateway.
2) In the other mode, the client and the VPDN gateway establish the tunnel. The
client first connects to the Internet, then establishes the channel connection with
the gateway through dedicated client software (such as the L2TP support in
Windows 2000). The advantage of this mode is that there are no access-mode or
geographical limits on users' Internet access, and it does not depend on any ISP.
The drawback is that users must install special software (usually on the Windows
2000 platform) rather than using other platforms they are familiar with.
VPDN tunneling protocols include PPTP, L2F and L2TP. The most popular one at
present is L2TP.
2.1.2 L2TP Protocol
L2TP (Layer 2 Tunneling Protocol) supports tunneled transmission of packets at the
PPP link layer. Combining the respective advantages of Cisco's L2F protocol and
Microsoft's PPTP protocol, it has become the IETF industry standard for layer 2
tunneling protocols.
I. Tunnel and session
L2TP is a connection-based protocol. An L2TP tunnel is established between a LAC
(L2TP Access Concentrator) and an LNS (L2TP Network Server) and is composed of
one control connection and n (n≧0) sessions. Only one L2TP tunnel can be
established between a given pair of LAC and LNS. Both control messages and PPP
data messages are transmitted in the tunnel. A session is also established between
the LAC and the LNS, but only after the tunnel has been successfully established
(including the exchange of information such as identity protection, L2TP version,
framing type and hardware transmission type). One session corresponds to one PPP
data stream between the LAC and the LNS.
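As an added example (not code from this manual or its vendor), the Python below builds and decodes the SCCRQ control message with which a LAC opens the tunnel's control connection, exposing the identity (Host Name), L2TP version, framing type and bearer (hardware transmission) type AVPs that the text says are exchanged before any session can be created. Field layout follows RFC 2661; the sample packet and the host name "lac-example" are constructed here, and a parser like this is the starting point for validating or logging L2TP control traffic on the LNS side.

```python
import struct
# Header bits and AVP layout from RFC 2661 (L2TPv2), the standard the page describes.
FLAG_T, FLAG_L, FLAG_S, FLAG_O = 0x8000, 0x4000, 0x0800, 0x0200
AVP_M, AVP_H = 0x8000, 0x4000  # Mandatory / Hidden bits of an AVP
MSG = {1: "SCCRQ", 2: "SCCRP", 3: "SCCCN", 4: "StopCCN", 10: "ICRQ", 11: "ICRP", 12: "ICCN", 14: "CDN"}
_int = lambda v: int.from_bytes(v, "big")
_bits = lambda names: (lambda v: [n for b, n in names if _int(v) & b])
AVPS = {  # IETF attribute type -> (name, decoder); the SCCRQ fields the text lists
    0: ("Message Type", lambda v: MSG.get(_int(v), f"type{_int(v)}")),
    2: ("Protocol Version", lambda v: ".".join(str(b) for b in v)),
    3: ("Framing Capabilities", _bits(((1, "sync"), (2, "async")))),
    4: ("Bearer Capabilities", _bits(((1, "digital"), (2, "analog")))),
    7: ("Host Name", lambda v: v.decode("ascii", "replace")), 9: ("Assigned Tunnel ID", _int),
}

def avp(attr, value, mandatory=True):
    """Encode one IETF (vendor id 0) AVP: M/H flags + 10-bit length, vendor id, type, value."""
    return struct.pack("!HHH", (AVP_M if mandatory else 0) | (6 + len(value)), 0, attr) + value

def build_sccrq(host_name, assigned_tid):
    """Constructed sample: the SCCRQ a LAC sends to open the tunnel's control connection."""
    body = (avp(0, b"\x00\x01") + avp(2, b"\x01\x00")                    # SCCRQ, version 1.0
            + avp(3, b"\x00\x00\x00\x03") + avp(4, b"\x00\x00\x00\x01")  # sync+async, digital
            + avp(7, host_name) + avp(9, struct.pack("!H", assigned_tid)))
    # First message of a tunnel: T, L, S set, version 2; peer tunnel/session IDs and Ns/Nr are 0.
    return struct.pack("!HHHHHH", FLAG_T | FLAG_L | FLAG_S | 2, 12 + len(body), 0, 0, 0, 0) + body

def parse_control(pkt):
    """Decode a control message, enforcing RFC 2661's header rules; hidden AVPs (obscured
    with the tunnel secret) are reported as present but not interpreted."""
    flags, length = struct.unpack("!HH", pkt[:4])
    if flags & 0xF != 2 or not flags & FLAG_T:
        raise ValueError("not an L2TPv2 control message")
    if not (flags & FLAG_L and flags & FLAG_S) or flags & FLAG_O:
        raise ValueError("control messages must set L and S and clear O")
    if not 12 <= length <= len(pkt):
        raise ValueError("length field disagrees with packet size")
    tid, sid, ns, nr = struct.unpack("!HHHH", pkt[4:12])
    avps, off = {}, 12
    while off < length:
        if off + 6 > length:
            raise ValueError("truncated AVP header")
        fl, vendor, attr = struct.unpack("!HHH", pkt[off:off + 6])
        alen = fl & 0x3FF
        if alen < 6 or off + alen > length:
            raise ValueError("AVP length runs past the message")
        value = pkt[off + 6:off + alen]  # vendor-specific AVPs are named but left as hex
        name, decode = AVPS.get(attr if vendor == 0 else None, (f"avp{vendor}/{attr}", bytes.hex))
        avps[name] = "<hidden>" if fl & AVP_H else decode(value)
        off += alen
    return {"tunnel_id": tid, "session_id": sid, "ns": ns, "nr": nr, "avps": avps}
```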