Nortel Networks L2TP manual Shows tunnel authentication

Page 29

L2TP Overview

You can enable tunnel authentication on the Bay Networks LNS. If tunnel authentication is disabled, which is the default, the LNS sends a default challenge response to the LAC during the authentication process so that the tunnel can be established. The LNS cannot send outgoing calls, so it cannot initiate tunnel authentication.

During tunnel authentication, the following exchange of messages takes place:

1.The LAC sends a tunnel setup message, called the start control connection request (SCCRQ) message to the LNS. This message includes a challenge to the LNS.

2.The LNS replies with a tunnel response, a challenge response, and its own challenge message. This is called the start control connection reply (SCCRP) message.

3.The LAC replies with a challenge response that includes its tunnel authentication password. This is the start control connection connected (SCCCN) message.

4.If this same password is configured for the LNS, the LNS grants approval to the LAC to establish a tunnel.

Figure 1-4 shows tunnel authentication.

ISP network

Corporate network

 

PPP connection

LNS

LAC

SCCRQ

tunnel request and challenge

SCCRP

tunnel response, challenge response,

and LNS challenge

SCCCN

challenge response

L2T0006A

Figure 1-4. Tunnel Authentication Control Messages

303532-A Rev 00

1-13

Page 28 Page 30
Image 29
Page 28 Page 30
Contents Configuring L2TP Services Copyright 1998 Bay Networks, Inc Bay Networks, Inc. Software License Agreement Rev Contents Chapter Starting L2TP Appendix B Configuration Examples Page Figures Page Tables Page Before You Begin PrefaceItalic text Text ConventionsAcronyms Bay Networks Technical Publications How to Get HelpTopic Chapter L2TP OverviewL2TP Benefits What Is Tunneling?L2TP Sessions Remote Host Components of an L2TP NetworkTunnel Management Server TMS L2TP Access Concentrator LACRemote Access Server RAS Radius Server L2TP Network Server LNSExamples of L2TP Networks L2TP Network Using a LACPacket Encapsulation Process L2TP Packet EncapsulationMaking a Connection Across an L2TP Network Security in an L2TP Network Bay Networks L2TP Implementation Tunnel Management Tunnel AuthenticationShows tunnel authentication Radius User Authentication L2TP IP Interface Addresses Radius AccountingRemote Router Dialing the LNS Remote Router ConfigurationIf you want to Go to Where to Go NextPage Chapter Starting L2TP Radius Server Information Tunnel Authentication PasswordsPlanning Considerations for an L2TP Network Site Manager Procedure You do this System responds Preparing a Configuration FileTools Choose Configuration Manager Choose Local File , Remote File , orSubnet Mask Enabling L2TP on an Unconfigured WAN InterfaceChoose Add/Delete Enabling L2TP on an Existing PPP InterfaceChoose Edit Circuit Configuring L2TP Services Enabling L2TP on an Existing Frame Relay Interface Configuration is completed Enabling L2TP on an Existing ATM Interface Site Manager ProcedureYou do this System responds Choose Group ProtocolsChoose Protocols Choose Service AttributesChapter Customizing L2TP Services Choose L2TP Configuration Modifying the L2TP Protocol ConfigurationRadius Server on Modifying Radius Server InformationChanging the LNS System Name Modifying the Number of L2TP Sessions Permitted Set the Remove Domain Name Keeping the Remote User’s Domain NameSet the Domain Name Delimiter Changing the Domain Name DelimiterChoose Tunnel Authentication Enabling Tunnel AuthenticationChoose L2TP IP Interface Modifying L2TP IP Interface AddressesDisabling L2TP Disabling RIPDeleting L2TP from a PPP Interface Customizing L2TP ServicesDeleting L2TP from a Frame Relay Interface Deleting L2TP from an ATM Interface Site Manager Procedure Topic Appendix a L2TP ParametersFigure A-1. L2TP Configuration List Window L2TP Configuration ParametersParameter Receive Window Size Parameter Enable L2TPParameter Max L2TP Sessions Parameter Maximum Retransmit Parameter Retransmit Timer secondsParameter Hello Timer seconds Parameter Radius Primary Server IP Address Parameter Ack Timeout millisecondsParameter LNS System Name Parameter Tunnel Flow Control Parameter Radius Primary Server PasswordParameter Radius Client IP Address Parameter Domain Name Delimiter Parameter Remove Domain NameFigure A-2. L2TP Tunnel Security List Window L2TP Tunnel Security ParametersParameter Tunnel Authentication Password Parameter Enable Tunnel AuthenticationFigure A-3. L2TP IP Interface List Window L2TP IP Interface ParametersParameter Subnet Mask Parameter L2TP IP Interface AddressParameter RIP Enable Example 1 Remote PC Calling the Corporate Network Appendix B Configuration ExamplesFigure B-1. L2TP Network with PCs at the Remote Site Configuring the Remote HostsConfiguring the LNS Configuring the LACs and the TMSDomain name baynetworks.com Parameter Name Value IP Address 192.32.16.55L2TP IP Interface window, enter the L2TP IP address Data Path Through the NetworkFigure B-2. L2TP Network with Routers at the Remote Site Example 2 Remote Router Calling the Corporate NetworkParameter Name Value RFC1661 Compliance Enable Configuring the Dial-on-Demand CircuitConfiguring the PPP Interface Problem What to Do Appendix C TroubleshootingTable C-1 Common L2TP Network Problems and Solutions L2TP IndexIndex-2
Top Page Image Contents