Lucent Technologies 6000 Network Router User Manual


 
Setting Up Virtual Private Networks
Configuring L2TP tunnels for dial-in clients
MAX 6000/3000 Network Configuration Guide 11-39
Example of tunnel authentication
For the purposes of this example, a MAX authenticates the initial PPP dial-in by its dialed
number. (DNIS authentication is not required for tunnel authentication.) Another MAX
operates as an L2TP Network Server (LNS).
Figure 11-10. Example of L2TP tunnel authentication
Example of connection-based tunnel authentication
The following settings configure a Connection profile for the PPP client and specify a Client
ID name:
Ethernet
   Connections
      maxprofile
         Tunnel options...
            Profile type=Mobile-client
            Tunnel protocol=L2TP
RADIUS attribute              Value

Tunnel-Type (64)              Tunneling protocol(s) to be used. Must be set to
                              L2TP (3) or L2F (2) to use this feature.

Tunnel-Server-Endpoint (67)   IP address or hostname of the tunnel end point. If
                              a DNS lookup returns several IP addresses, the
                              system attempts to establish a tunnel to each
                              address in turn.

Tunnel-Password (69)          Shared secret for authenticating the tunnel.

Tunnel-Client-Auth-ID (90)    Name sent to the tunnel end point by the system
                              requesting the tunnel (the NAS or LAC) during the
                              tunnel authentication phase. The name can contain
                              up to 31 characters. See "How the system name is
                              selected" on page 11-42.

Tunnel-Server-Auth-ID (91)    Name sent from the tunnel end point (the gateway
                              or LNS) to the system initiating the tunnel during
                              the tunnel authentication phase. The name can
                              contain up to 31 characters.
                              Tunnel-Server-Auth-ID (91) does not apply unless
                              the protocol used to establish the tunnel is L2TP
                              or L2F. The attribute can be specified in
                              access-response packets and is generated in
                              accounting-request packets.
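
An added example, not taken from the manual or from Lucent code: a Python check that decodes these attributes from the attribute section of a RADIUS packet and reports values that violate the constraints in the table above. The tag-octet layout follows RFC 2868; the names lac-1 and lns-1, the address 192.0.2.10, and the choice to report a missing Tunnel-Password are assumptions made for the example.

```python
# Added example. Attribute numbers and the 31-character limit come from the table above.
TUNNEL_TYPE, SERVER_ENDPOINT, TUNNEL_PASSWORD, CLIENT_AUTH_ID, SERVER_AUTH_ID = 64, 67, 69, 90, 91
ALLOWED_TYPES = {2, 3}  # L2F (2) and L2TP (3)
MAX_AUTH_ID = 31
AUTH_IDS = ((CLIENT_AUTH_ID, "Tunnel-Client-Auth-ID"), (SERVER_AUTH_ID, "Tunnel-Server-Auth-ID"))

def parse_attributes(blob):
    """Split a RADIUS attribute section (type, length, value) into a dict."""
    attrs, pos = {}, 0
    while pos < len(blob):
        if pos + 2 > len(blob):
            raise ValueError("truncated attribute header")
        atype, alen = blob[pos], blob[pos + 1]
        if alen < 2 or pos + alen > len(blob):
            raise ValueError(f"bad length for attribute {atype}")
        attrs[atype] = blob[pos + 2:pos + alen]  # assumes one tunnel, one of each
        pos += alen
    return attrs

def tagged_string(value):
    """RFC 2868 string attributes: a first octet <= 0x1F is a tag, not text."""
    return value[1:] if value and value[0] <= 0x1F else value

def audit_tunnel_attributes(blob):
    """Return the problems found against the constraints in the table."""
    attrs, problems = parse_attributes(blob), []
    raw = attrs.get(TUNNEL_TYPE, b"")
    # Tunnel-Type carries a tag octet followed by a 3-octet value.
    ttype = int.from_bytes(raw[1:], "big") if len(raw) == 4 else None
    if ttype not in ALLOWED_TYPES:
        problems.append("Tunnel-Type must be L2TP (3) or L2F (2)")
        if SERVER_AUTH_ID in attrs:
            problems.append("Tunnel-Server-Auth-ID does not apply to this protocol")
    if not tagged_string(attrs.get(SERVER_ENDPOINT, b"")):
        problems.append("Tunnel-Server-Endpoint missing")
    if TUNNEL_PASSWORD not in attrs:  # assumption: the tunnel is meant to be authenticated
        problems.append("Tunnel-Password missing")
    for atype, name in AUTH_IDS:
        if len(tagged_string(attrs.get(atype, b""))) > MAX_AUTH_ID:
            problems.append(f"{name} longer than {MAX_AUTH_ID} characters")
    return problems

def attr(atype, value):  # encoder for the constructed samples below
    return bytes([atype, len(value) + 2]) + value

# Constructed sample input, not captured traffic; the password octets are opaque filler.
GOOD = (attr(64, b"\x00\x00\x00\x03") + attr(67, b"\x00" + b"192.0.2.10") +
        attr(69, b"\x00" + bytes(18)) + attr(90, b"\x00lac-1") + attr(91, b"\x00lns-1"))
BAD = attr(64, b"\x00\x00\x00\x01") + attr(67, b"\x00" + b"192.0.2.10") + attr(90, b"\x00" + b"a" * 32)
```
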
[Figure 11-10 diagram labels: PPP client, LAC, LNS, WAN, IP, L2TP tunnel; addresses shown: 1.1.1.2, 2.2.2.2, 1.1.1.1, 2.2.2.3]