Manuals / Nortel Networks / Computer Equipment / Network Router

Nortel Networks L2TP manual Tunnel Management, Tunnel Authentication

Models: L2TP

1 80

Download 80 pages 16.08 Kb

Page 28

Configuring L2TP Services

Tunnel Management

The Bay Networks tunnel management server (TMS), which resides at the ISP network, stores the TMS database. This database contains the remote users’ domain name, the IP address information of each LNS, and other tunnel addressing information that the network administrator configures. The LAC requests this information from the TMS to construct the L2TP tunnel.

When the LAC receives a call, it forwards the domain name to the TMS. The domain name is the portion of the user’s address that specifies a particular location in the network. For example, if the user name is jdoe@baynetworks.com, baynetworks.com is the domain name. The TMS looks up the domain name and verifies that the remote user is an L2TP user. The TMS also provides the LAC with the addressing information required to establish a tunnel to the correct LNS.

Note: The domain name referred to in this guide is a domain identifier that does not follow a specific format. It is not related to any Domain Name System (DNS) protocol requirements.

Tunnel Authentication

For security purposes, you can enable the LNS to perform tunnel authentication. Tunnel authentication is the process of negotiating the establishment of a tunnel.

During tunnel authentication, the LNS identifies the L2TP client or LAC by comparing the LAC’s tunnel authentication password with its own password. If the passwords match, the LNS permits the LAC to establish a tunnel.

The LAC does not send the tunnel authentication password as a plain-text message. The exchange of passwords works much like the PPP Challenge Handshake Authentication Protocol (CHAP). When one side receives a challenge, it responds with a value that is calculated based on the authentication password. The receiving side matches the value against its own calculation. If the values match, authentication is successful.

Tunnel authentication occurs in both directions, which means that the LAC and LNS both try to verify the other’s identity.

1-12	303532-A Rev 00

Image 28

Nortel Networks L2TP manual Tunnel Management, Tunnel Authentication

Contents

Configuring L2TP Services Copyright 1998 Bay Networks, Inc Bay Networks, Inc. Software License Agreement Rev Contents Chapter Starting L2TP Appendix B Configuration Examples Page Figures Page Tables Page Preface Before You BeginText Conventions Italic textAcronyms How to Get Help Bay Networks Technical PublicationsChapter L2TP Overview TopicWhat Is Tunneling? L2TP BenefitsL2TP Sessions Components of an L2TP Network Remote HostRemote Access Server RAS L2TP Access Concentrator LACTunnel Management Server TMS L2TP Network Server LNS Radius ServerL2TP Network Using a LAC Examples of L2TP NetworksL2TP Packet Encapsulation Packet Encapsulation ProcessMaking a Connection Across an L2TP Network Security in an L2TP Network Bay Networks L2TP Implementation Tunnel Authentication Tunnel ManagementShows tunnel authentication Radius User Authentication Radius Accounting L2TP IP Interface AddressesRemote Router Configuration Remote Router Dialing the LNSWhere to Go Next If you want to Go toPage Chapter Starting L2TP Planning Considerations for an L2TP Network Tunnel Authentication PasswordsRadius Server Information Preparing a Configuration File Site Manager Procedure You do this System respondsTools Choose Configuration Manager Choose Local File , Remote File , orEnabling L2TP on an Unconfigured WAN Interface Subnet MaskChoose Edit Circuit Enabling L2TP on an Existing PPP InterfaceChoose Add/Delete Configuring L2TP Services Enabling L2TP on an Existing Frame Relay Interface Configuration is completed Site Manager Procedure Enabling L2TP on an Existing ATM InterfaceYou do this System responds Choose Group ProtocolsChoose Service Attributes Choose ProtocolsChapter Customizing L2TP Services Modifying the L2TP Protocol Configuration Choose L2TP ConfigurationModifying Radius Server Information Radius Server onChanging the LNS System Name Modifying the Number of L2TP Sessions Permitted Keeping the Remote User’s Domain Name Set the Remove Domain NameChanging the Domain Name Delimiter Set the Domain Name DelimiterEnabling Tunnel Authentication Choose Tunnel AuthenticationModifying L2TP IP Interface Addresses Choose L2TP IP InterfaceDisabling RIP Disabling L2TPCustomizing L2TP Services Deleting L2TP from a PPP InterfaceDeleting L2TP from a Frame Relay Interface Deleting L2TP from an ATM Interface Site Manager Procedure Appendix a L2TP Parameters TopicL2TP Configuration Parameters Figure A-1. L2TP Configuration List WindowParameter Max L2TP Sessions Parameter Enable L2TPParameter Receive Window Size Parameter Hello Timer seconds Parameter Retransmit Timer secondsParameter Maximum Retransmit Parameter LNS System Name Parameter Ack Timeout millisecondsParameter Radius Primary Server IP Address Parameter Radius Client IP Address Parameter Radius Primary Server PasswordParameter Tunnel Flow Control Parameter Remove Domain Name Parameter Domain Name DelimiterL2TP Tunnel Security Parameters Figure A-2. L2TP Tunnel Security List WindowParameter Enable Tunnel Authentication Parameter Tunnel Authentication PasswordL2TP IP Interface Parameters Figure A-3. L2TP IP Interface List WindowParameter L2TP IP Interface Address Parameter Subnet MaskParameter RIP Enable Appendix B Configuration Examples Example 1 Remote PC Calling the Corporate NetworkConfiguring the Remote Hosts Figure B-1. L2TP Network with PCs at the Remote SiteConfiguring the LACs and the TMS Configuring the LNSDomain name baynetworks.com Parameter Name Value IP Address 192.32.16.55Data Path Through the Network L2TP IP Interface window, enter the L2TP IP addressExample 2 Remote Router Calling the Corporate Network Figure B-2. L2TP Network with Routers at the Remote SiteConfiguring the PPP Interface Configuring the Dial-on-Demand CircuitParameter Name Value RFC1661 Compliance Enable Appendix C Troubleshooting Problem What to DoTable C-1 Common L2TP Network Problems and Solutions Index L2TPIndex-2