L2TP Overview
You can enable tunnel authentication on the Bay Networks LNS. If tunnel authentication is disabled, which is the default, the LNS sends a default challenge response to the LAC during the authentication process so that the tunnel can be established. The LNS cannot send outgoing calls, so it cannot initiate tunnel authentication.
During tunnel authentication, the following exchange of messages takes place:
1. The LAC sends a tunnel setup message, called the start control connection request (SCCRQ) message, to the LNS. This message includes a challenge to the LNS.
2. The LNS replies with a tunnel response, a challenge response, and its own challenge message. This is called the start control connection reply (SCCRP) message.
3. The LAC replies with a challenge response that includes its tunnel authentication password. This is the start control connection connected (SCCCN) message.
4. If this same password is configured for the LNS, the LNS grants approval to the LAC to establish a tunnel.
Figure 1-4 shows tunnel authentication.
[Figure 1-4. Tunnel authentication. Labels: ISP network, Corporate network, PPP connection, LAC, LNS. Messages: SCCRQ (tunnel request and challenge); SCCRP (tunnel response, challenge response, and LNS challenge); SCCCN (challenge response).]
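The exchange in steps 1 through 4, as an added example that is not taken from this guide or from Bay Networks code. It assumes the CHAP-style computation defined in RFC 2661, where each challenge response is MD5 over the carrying message's type value, the shared tunnel password, and the peer's challenge; the function names and sample passwords are constructed for illustration.

```python
import hashlib
import hmac
import os

# Message Type values from RFC 2661, used as the CHAP "ID" octet (assumption:
# the device follows the RFC; this guide does not show the computation).
SCCRP, SCCCN = 2, 3


def challenge_response(msg_type: int, secret: bytes, challenge: bytes) -> bytes:
    """Return the 16-octet response MD5(ID || secret || challenge)."""
    return hashlib.md5(bytes([msg_type]) + secret + challenge).digest()


def verify(msg_type: int, secret: bytes, challenge: bytes, response: bytes) -> bool:
    """Recompute the expected response locally and compare in constant time."""
    expected = challenge_response(msg_type, secret, challenge)
    return hmac.compare_digest(expected, response)


def tunnel_auth(lac_secret: bytes, lns_secret: bytes) -> str:
    """Walk the SCCRQ / SCCRP / SCCCN exchange and report the outcome."""
    # 1. SCCRQ (LAC -> LNS): tunnel request carrying the LAC's challenge.
    lac_challenge = os.urandom(16)

    # 2. SCCRP (LNS -> LAC): response to the LAC's challenge plus the
    #    LNS's own challenge.
    sccrp_response = challenge_response(SCCRP, lns_secret, lac_challenge)
    lns_challenge = os.urandom(16)
    if not verify(SCCRP, lac_secret, lac_challenge, sccrp_response):
        return "LAC rejects LNS"

    # 3. SCCCN (LAC -> LNS): response to the LNS's challenge.
    scccn_response = challenge_response(SCCCN, lac_secret, lns_challenge)

    # 4. The LNS grants the tunnel only if the same password is configured.
    if not verify(SCCCN, lns_secret, lns_challenge, scccn_response):
        return "LNS rejects LAC"
    return "tunnel established"


if __name__ == "__main__":
    print(tunnel_auth(b"tunnel-pass", b"tunnel-pass"))  # constructed passwords
    print(tunnel_auth(b"tunnel-pass", b"other-pass"))
```

Because the message type is mixed into the hash, a response computed for an SCCRP does not verify as an SCCCN response to the same challenge.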