Nortel Networks L2TP manual Shows tunnel authentication

Page 29

L2TP Overview

You can enable tunnel authentication on the Bay Networks LNS. If tunnel authentication is disabled, which is the default, the LNS sends a default challenge response to the LAC during the authentication process so that the tunnel can be established. The LNS cannot send outgoing calls, so it cannot initiate tunnel authentication.

During tunnel authentication, the following exchange of messages takes place:

1.The LAC sends a tunnel setup message, called the start control connection request (SCCRQ) message to the LNS. This message includes a challenge to the LNS.

2.The LNS replies with a tunnel response, a challenge response, and its own challenge message. This is called the start control connection reply (SCCRP) message.

3.The LAC replies with a challenge response that includes its tunnel authentication password. This is the start control connection connected (SCCCN) message.

4.If this same password is configured for the LNS, the LNS grants approval to the LAC to establish a tunnel.

Figure 1-4 shows tunnel authentication.

ISP network

Corporate network

 

PPP connection

LNS

LAC

SCCRQ

tunnel request and challenge

SCCRP

tunnel response, challenge response,

and LNS challenge

SCCCN

challenge response

L2T0006A

Figure 1-4. Tunnel Authentication Control Messages

303532-A Rev 00

1-13

Image 29
Contents Configuring L2TP Services Copyright 1998 Bay Networks, Inc Bay Networks, Inc. Software License Agreement Rev Contents Chapter Starting L2TP Appendix B Configuration Examples Page Figures Page Tables Page Before You Begin PrefaceItalic text Text ConventionsAcronyms Bay Networks Technical Publications How to Get HelpTopic Chapter L2TP OverviewL2TP Benefits What Is Tunneling?L2TP Sessions Remote Host Components of an L2TP NetworkTunnel Management Server TMS L2TP Access Concentrator LACRemote Access Server RAS Radius Server L2TP Network Server LNSExamples of L2TP Networks L2TP Network Using a LACPacket Encapsulation Process L2TP Packet EncapsulationMaking a Connection Across an L2TP Network Security in an L2TP Network Bay Networks L2TP Implementation Tunnel Management Tunnel AuthenticationShows tunnel authentication Radius User Authentication L2TP IP Interface Addresses Radius AccountingRemote Router Dialing the LNS Remote Router ConfigurationIf you want to Go to Where to Go NextPage Chapter Starting L2TP Radius Server Information Tunnel Authentication PasswordsPlanning Considerations for an L2TP Network Site Manager Procedure You do this System responds Preparing a Configuration FileTools Choose Configuration Manager Choose Local File , Remote File , orSubnet Mask Enabling L2TP on an Unconfigured WAN InterfaceChoose Add/Delete Enabling L2TP on an Existing PPP InterfaceChoose Edit Circuit Configuring L2TP Services Enabling L2TP on an Existing Frame Relay Interface Configuration is completed Enabling L2TP on an Existing ATM Interface Site Manager ProcedureYou do this System responds Choose Group ProtocolsChoose Protocols Choose Service AttributesChapter Customizing L2TP Services Choose L2TP Configuration Modifying the L2TP Protocol ConfigurationRadius Server on Modifying Radius Server InformationChanging the LNS System Name Modifying the Number of L2TP Sessions Permitted Set the Remove Domain Name Keeping the Remote User’s Domain NameSet the Domain Name Delimiter Changing the Domain Name DelimiterChoose Tunnel Authentication Enabling Tunnel AuthenticationChoose L2TP IP Interface Modifying L2TP IP Interface AddressesDisabling L2TP Disabling RIPDeleting L2TP from a PPP Interface Customizing L2TP ServicesDeleting L2TP from a Frame Relay Interface Deleting L2TP from an ATM Interface Site Manager Procedure Topic Appendix a L2TP ParametersFigure A-1. L2TP Configuration List Window L2TP Configuration ParametersParameter Receive Window Size Parameter Enable L2TPParameter Max L2TP Sessions Parameter Maximum Retransmit Parameter Retransmit Timer secondsParameter Hello Timer seconds Parameter Radius Primary Server IP Address Parameter Ack Timeout millisecondsParameter LNS System Name Parameter Tunnel Flow Control Parameter Radius Primary Server PasswordParameter Radius Client IP Address Parameter Domain Name Delimiter Parameter Remove Domain NameFigure A-2. L2TP Tunnel Security List Window L2TP Tunnel Security ParametersParameter Tunnel Authentication Password Parameter Enable Tunnel AuthenticationFigure A-3. L2TP IP Interface List Window L2TP IP Interface ParametersParameter Subnet Mask Parameter L2TP IP Interface AddressParameter RIP Enable Example 1 Remote PC Calling the Corporate Network Appendix B Configuration ExamplesFigure B-1. L2TP Network with PCs at the Remote Site Configuring the Remote HostsConfiguring the LNS Configuring the LACs and the TMSDomain name baynetworks.com Parameter Name Value IP Address 192.32.16.55L2TP IP Interface window, enter the L2TP IP address Data Path Through the NetworkFigure B-2. L2TP Network with Routers at the Remote Site Example 2 Remote Router Calling the Corporate NetworkParameter Name Value RFC1661 Compliance Enable Configuring the Dial-on-Demand CircuitConfiguring the PPP Interface Problem What to Do Appendix C TroubleshootingTable C-1 Common L2TP Network Problems and Solutions L2TP IndexIndex-2

L2TP specifications

Nortel Networks L2TP, or Layer 2 Tunneling Protocol, is a widely recognized networking protocol that enables the tunneling of data over various networks. Initially developed as an extension of the Point-to-Point Tunneling Protocol (PPTP), L2TP integrates components from both PPTP and Layer 2 Forwarding (L2F). Nortel Networks played a significant role in the development and implementation of L2TP, making it a prominent choice for service providers and enterprise networks seeking secure and efficient connectivity.

One of the primary features of L2TP is its ability to encapsulate data packets, allowing the transport of PPP (Point-to-Point Protocol) frames without necessitating the traditional point-to-point connections. This means L2TP can operate across different networks, facilitating remote access connections and VPNs (Virtual Private Networks). As a result, organizations can achieve greater flexibility in managing their communications infrastructure.

Another key characteristic of L2TP is its support for both IPv4 and IPv6, ensuring compatibility with current and future networking environments. L2TP operates at the link layer of the OSI model, which means it functions between the data link and network layers, making it versatile for various applications. By using UDP (User Datagram Protocol) as a transport protocol, L2TP ensures efficient data transmission while maintaining lower latencies.

Security is a critical aspect of L2TP. While L2TP itself does not provide encryption, it is often paired with IPSec (Internet Protocol Security) for enhanced security protocols. This combination offers both tunneling and encryption, creating a secure framework for transmitting sensitive information across potentially insecure networks, such as the Internet.

L2TP also features various authentication methods, allowing for robust access control. It supports various schemes like PAP (Password Authentication Protocol) and CHAP (Challenge Handshake Authentication Protocol), giving network administrators a range of options to ensure the legitimacy of users accessing the network.

In summary, Nortel Networks L2TP is a powerful tunneling protocol known for its flexibility, compatibility, and security features. Its ability to encapsulate data for efficient transport makes it ideal for remote access and VPN applications. As organizations continue to demand secure, seamless connectivity, L2TP remains a resilient choice within the shifting landscape of networking technologies.