User Manual - Configuration Guide (Volume 3)

Chapter 2

Versatile Routing Platform

Configuration of L2TP

1) The NAS (Network Access Server) is provided by telecom operators or large ISPs. As the access server of the VPDN, the NAS provides WAN interfaces, terminates PSTN or ISDN connections, supports various LAN protocols, provides security management and authentication, and supports tunneling and related techniques.

2) The user-side equipment is located at the user's headquarters. Depending on the network functions required, it may be a device providing NAS, router or firewall functions. The LNS in the figure stands for L2TP Network Server.

3) The management tools manage the VPDN equipment and its users; they include the NMS (network management system) and authentication, authorization and accounting (AAA).

Remote dial-up users dial in to the local ISP's NAS over the local PSTN or ISDN. Using this local ISP connection and a tunneling protocol that encapsulates the higher-layer protocol, a VPN is established between the NAS and the gateway at the remote end.

III. Methods of implementing VPDN

There are two modes of implementing VPDN:

1) In the first mode, the NAS and the VPDN gateway establish the tunnel using a tunneling protocol, so that the client's PPP session is carried directly to the enterprise gateway. The protocols currently available are L2F and L2TP. The advantage of this mode is its transparency to users: with a single login, users can access the intranet, which authenticates them and assigns their addresses without consuming public addresses, and any client platform can be used. In this mode the NAS must support the VPDN protocol and the authentication system must support VPDN attributes. The gateway is usually a router or a dedicated VPN gateway.

2) In the other mode, the client and the VPDN gateway establish the tunnel themselves. The client first connects to the Internet, then sets up the tunnel to the gateway with dedicated client software (such as the L2TP client built into Windows 2000). The advantage of this mode is that there is no restriction on how or where users access the Internet, and no dependence on the ISP. The drawback is that users must install special software (usually on the Windows 2000 platform) rather than using whatever platform they are familiar with.

VPDN tunneling protocols include PPTP, L2F and L2TP. At present L2TP is the most widely used.

2.1.2 L2TP Protocol

L2TP (Layer 2 Tunneling Protocol) tunnels PPP link-layer frames. Combining the respective advantages of Cisco's L2F protocol and Microsoft's PPTP protocol, it became the IETF standard for layer 2 tunneling (RFC 2661).

I. Tunnel and session

L2TP is a connection-oriented protocol. An L2TP tunnel is established between a LAC (L2TP Access Concentrator) and an LNS (L2TP Network Server), and consists of one control connection and n (n ≥ 0) sessions. Only one L2TP tunnel can be established between a given pair of LAC and LNS. Both control messages and PPP data messages are transmitted within the tunnel. A session is likewise established between the LAC and the LNS, but only after the tunnel has been successfully established (which includes the exchange of tunnel authentication, L2TP version, framing capabilities and bearer capabilities). Each session corresponds to one PPP data stream between the LAC and the LNS. Tunnel authentication is a CHAP-style challenge/response based on a shared secret configured on both ends; it protects only tunnel establishment, and L2TP itself does not encrypt control or data messages, so confidentiality over an untrusted network must be provided separately (for example by IPsec).
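The control-connection exchange described above (protocol version, framing and bearer capabilities, assigned tunnel IDs, and the challenge/response tunnel authentication that must complete before any session can be opened), as an added example that is not part of the Huawei manual or its software. It encodes and decodes RFC 2661 control messages for both the LAC and the LNS side; the host names, tunnel IDs, challenges and shared secret are assumed values chosen for illustration.

```python
"""L2TP (RFC 2661) tunnel setup with tunnel authentication: added example, not
from the Huawei manual.  Host names, tunnel IDs, challenges and the shared
secret are constructed values."""
import hashlib
import hmac
import struct

CTRL_FLAGS = 0xC802  # control header flags: T=1, L=1, S=1, Ver=2
SCCRQ, SCCRP, SCCCN = 1, 2, 3  # Message Type AVP values
AVP_MSG_TYPE, AVP_PROTO_VER, AVP_FRAMING, AVP_BEARER = 0, 2, 3, 4
AVP_HOST_NAME, AVP_TUNNEL_ID, AVP_CHALLENGE, AVP_RESPONSE = 7, 9, 11, 13

def encode_avp(attr, value, mandatory=True):
    """AVP: M bit, H bit clear, 10-bit total length, Vendor ID 0 (IETF), type, value."""
    return struct.pack("!HHH", (0x8000 if mandatory else 0) | (6 + len(value)), 0, attr) + value

def encode_control(tunnel_id, ns, nr, avps):
    """12-byte control header (session ID 0 for control-connection messages) plus AVPs."""
    body = b"".join(avps)
    return struct.pack("!HHHHHH", CTRL_FLAGS, 12 + len(body), tunnel_id, 0, ns, nr) + body

def decode_control(packet):
    """Return (tunnel_id, ns, nr, {attr: value}); reject malformed or unknown mandatory AVPs."""
    if len(packet) < 12:
        raise ValueError("short packet")
    flags, length, tid, _sid, ns, nr = struct.unpack("!HHHHHH", packet[:12])
    if flags != CTRL_FLAGS or length != len(packet):
        raise ValueError("not a well-formed L2TPv2 control message")
    avps, off = {}, 12
    while off < length:
        if off + 6 > length:
            raise ValueError("truncated AVP header")
        aflags, vendor, attr = struct.unpack("!HHH", packet[off:off + 6])
        alen = aflags & 0x03FF
        if alen < 6 or off + alen > length:
            raise ValueError("AVP length runs past the packet")
        if vendor == 0 and not aflags & 0x4000:      # IETF AVP, not hidden
            avps[attr] = packet[off + 6:off + alen]
        elif aflags & 0x8000:                         # mandatory but not understood
            raise ValueError("unsupported mandatory AVP")
        off += alen
    return tid, ns, nr, avps

def challenge_response(msg_type, secret, challenge):
    """CHAP-style response (RFC 2661 5.1.1): MD5(ID || secret || challenge), where
    the one-octet ID is the type of the message that carries the response."""
    return hashlib.md5(bytes([msg_type]) + secret + challenge).digest()

def setup_avps(msg_type, host, tunnel_id):
    """AVPs common to SCCRQ and SCCRP: type, version, capabilities, host, our tunnel ID."""
    return [encode_avp(AVP_MSG_TYPE, struct.pack("!H", msg_type)),
            encode_avp(AVP_PROTO_VER, b"\x01\x00"),            # version 1, revision 0
            encode_avp(AVP_FRAMING, struct.pack("!I", 0x3)),    # sync + async framing
            encode_avp(AVP_BEARER, struct.pack("!I", 0x3)),     # digital + analog bearer
            encode_avp(AVP_HOST_NAME, host),
            encode_avp(AVP_TUNNEL_ID, struct.pack("!H", tunnel_id))]

def lac_sccrq(host, tunnel_id, challenge):
    """LAC opens the control connection; header tunnel ID is 0 because none is assigned yet."""
    avps = setup_avps(SCCRQ, host, tunnel_id) + [encode_avp(AVP_CHALLENGE, challenge)]
    return encode_control(0, 0, 0, avps)

def lns_sccrp(sccrq, secret, host, tunnel_id, challenge):
    """LNS checks the SCCRQ and answers with an SCCRP proving knowledge of the secret."""
    tid, _, _, avps = decode_control(sccrq)
    if tid != 0 or avps.get(AVP_MSG_TYPE) != struct.pack("!H", SCCRQ):
        raise ValueError("expected an SCCRQ addressed to tunnel 0")
    if avps[AVP_PROTO_VER][0] != 1:
        raise ValueError("unsupported L2TP version")
    peer_tid = struct.unpack("!H", avps[AVP_TUNNEL_ID])[0]
    avps_out = setup_avps(SCCRP, host, tunnel_id) + [
        encode_avp(AVP_RESPONSE, challenge_response(SCCRP, secret, avps[AVP_CHALLENGE])),
        encode_avp(AVP_CHALLENGE, challenge)]
    return encode_control(peer_tid, 0, 1, avps_out)

def lac_scccn(sccrp, secret, my_challenge, my_tunnel_id):
    """LAC accepts the SCCRP only if its response verifies, then answers the LNS
    challenge in SCCCN.  None means authentication failed (send StopCCN instead)."""
    tid, _, _, avps = decode_control(sccrp)
    expected = challenge_response(SCCRP, secret, my_challenge)
    if tid != my_tunnel_id or not hmac.compare_digest(avps.get(AVP_RESPONSE, b""), expected):
        return None
    peer_tid = struct.unpack("!H", avps[AVP_TUNNEL_ID])[0]
    return encode_control(peer_tid, 1, 1, [
        encode_avp(AVP_MSG_TYPE, struct.pack("!H", SCCCN)),
        encode_avp(AVP_RESPONSE, challenge_response(SCCCN, secret, avps[AVP_CHALLENGE]))])

def tunnel_setup(lac_secret, lns_secret):
    """Three-way handshake SCCRQ/SCCRP/SCCCN; True only if both ends hold the same secret.
    Sessions (ICRQ/ICRP/ICCN) may be opened only after this returns True."""
    lac_ch, lns_ch = b"\x11" * 16, b"\x22" * 16         # constructed challenges
    sccrp = lns_sccrp(lac_sccrq(b"lac.example", 5, lac_ch), lns_secret, b"lns.example", 9, lns_ch)
    scccn = lac_scccn(sccrp, lac_secret, lac_ch, 5)
    if scccn is None:
        return False
    _, _, _, avps = decode_control(scccn)
    return hmac.compare_digest(avps.get(AVP_RESPONSE, b""),
                               challenge_response(SCCCN, lns_secret, lns_ch))
```

`tunnel_setup` returns True only when both ends hold the same secret; with a mismatch the LAC has no SCCCN to send, which is the point at which a real implementation issues StopCCN. The decoder rejects a mandatory AVP it does not understand, as RFC 2661 requires, and ignores hidden (H=1) AVPs rather than misreading their contents. Note what the check does not cover: the MD5 response authenticates only the tunnel endpoints at setup time, so anyone who can read the wire still sees every control and PPP data message in clear.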

Huawei v200r001 user manual