Lucent Technologies 6000 Network Router User Manual


 
11-40 MAX 6000/3000 Network Configuration Guide
Setting Up Virtual Private Networks
Configuring L2TP tunnels for dial-in clients
Max tunnels=N/A
ATMP HA RIP=N/A
UDP Port=N/A
Home Network Name=N/A
Pri. Tunnel Server=1.1.1.1
Sec. Tunnel Server=
Password=conn-pass
Client ID=conn-LAC
Tunnel VRouter=
There is no need to assign an IP address, because the IP address is assigned by the LNS.
Following is a comparable RADIUS profile:
001 Password="Ascend-DNIS", Service-Type=Call-Check
Tunnel-Type=L2TP,
Tunnel-Password=conn-pass,
Tunnel-Client-Auth-ID=conn-LAC
The LAC uses DNIS to authenticate the PPP client's dial-in call. It then initiates a tunnel to the
LNS if a tunnel to that end-point address does not already exist. When the MAX unit requests
the tunnel, it passes the LNS the string conn-LAC as its local system name, and uses
conn-pass as the password to authenticate the tunnel. The LNS uses the same strings to
authenticate the LAC before establishing the tunnel.
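The exchange described above, as an added example that is not part of the original manual or the MAX software: it assumes the unit follows the CHAP-style tunnel authentication of RFC 2661, with conn-pass as the shared secret and conn-LAC as the system name. The function names are hypothetical and the challenges are generated locally to simulate both ends.

```python
# Assumption: RFC 2661 CHAP-style tunnel authentication; all names are illustrative.
import hashlib
import hmac
import os

SCCRP, SCCCN = 2, 3  # RFC 2661 message types, used as the CHAP-style ID octet


def tunnel_response(msg_type: int, secret: bytes, challenge: bytes) -> bytes:
    """Challenge Response AVP value: MD5(ID octet || shared secret || challenge)."""
    return hashlib.md5(bytes([msg_type]) + secret + challenge).digest()


def verify(msg_type: int, secret: bytes, challenge: bytes, response: bytes) -> bool:
    """Recompute the expected response and compare it in constant time."""
    expected = tunnel_response(msg_type, secret, challenge)
    return hmac.compare_digest(expected, response)


def handshake(lac_secret: bytes, lns_secret: bytes) -> dict:
    """Simulate mutual tunnel authentication; returns each side's verdict."""
    wire = []  # every value that crosses the network, for inspection
    # SCCRQ, LAC -> LNS: system name and a random challenge
    lac_challenge = os.urandom(16)
    wire += [b"conn-LAC", lac_challenge]
    # SCCRP, LNS -> LAC: answer to that challenge plus the LNS's own challenge
    lns_response = tunnel_response(SCCRP, lns_secret, lac_challenge)
    lns_challenge = os.urandom(16)
    wire += [lns_response, lns_challenge]
    lac_accepts = verify(SCCRP, lac_secret, lac_challenge, lns_response)
    # SCCCN, LAC -> LNS: answer to the LNS's challenge (sent only if the LNS passed)
    lns_accepts = False
    if lac_accepts:
        lac_response = tunnel_response(SCCCN, lac_secret, lns_challenge)
        wire.append(lac_response)
        lns_accepts = verify(SCCCN, lns_secret, lns_challenge, lac_response)
    return {"lac_accepts": lac_accepts, "lns_accepts": lns_accepts, "wire": wire}


if __name__ == "__main__":
    ok = handshake(b"conn-pass", b"conn-pass")
    bad = handshake(b"conn-pass", b"wrong-pass")
    print("matching passwords:", ok["lac_accepts"], ok["lns_accepts"])
    print("mismatched passwords:", bad["lac_accepts"], bad["lns_accepts"])
```

The password itself never crosses the network, but each response is an MD5 hash over it and a visible challenge, so the shared tunnel password should be long and random.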
Example of server-based tunnel authentication
The following settings configure a Connection profile for the PPP client and do not specify a
password or a Client ID:
Ethernet
Connections
maxprofile
Tunnel options...
Profile type=Mobile-client
Tunnel protocol=L2TP
Max tunnels=N/A
ATMP HA RIP=N/A
UDP Port=N/A
Home Network Name=N/A
Pri. Tunnel Server=lns.example.com
Sec. Tunnel Server=
Password=
Client ID=
Tunnel VRouter=
Following is a comparable RADIUS profile:
001 Password="Ascend-DNIS", Service-Type=Call-Check
Tunnel-Type=L2TP,
Tunnel-Server-Endpoint=lns.example.com
The LAC uses DNIS to authenticate the PPP client's dial-in call. It then initiates a tunnel to the
LNS if a tunnel does not already exist to that end-point address. If tunnel authentication is
enabled and no tunnel password is specified in the Connection profile, the unit looks for a
Tunnel Options profile before requesting the tunnel. If it finds a Tunnel Options profile for the