CLI-based Configuration Guide - VPN

AR100, AR120, AR150, AR160, AR200, AR1200, AR2200, AR3200, and AR3600 V200R010

This document describes VPN features on the device and provides configuration procedures and configuration examples.
Working Procedure

VPDN connections are set up between the remote user and the LNS. ISPs deploy the NAS that is geographically closest to the remote user as the LAC. L2TP tunnel connections are set up between the LAC and the LNS.
  1. Remote users dial up on a PSTN or an ISDN to initiate PPP connections to a local NAS deployed by an ISP.
  2. The NAS accepts calls from remote users and performs PPP negotiation.
  3. As the LAC, the NAS determines whether remote users are VPDN users based on user names or domain names. If remote users are VPDN users, the L2TP module encapsulates PPP packets from them and sends the packets through the L2TP tunnel to the LNS. If remote users are not VPDN users, PPP packets from them are processed and forwarded normally.
  4. Upon receiving call connection requests sent through the L2TP tunnel, the LNS authenticates remote users and assigns and sends IP addresses to remote users.
  5. Remote users obtain IP addresses and send packets to hosts in the headquarters to communicate.
  6. The LNS receives packets transmitted through the tunnel and forwards the packets to destination hosts according to the routing table.

After L2TP encapsulation, remote users set up point-to-point connections to the LNS, and the LAC and the Internet are transparent to users. The LAC and LNS use remote authentication. Figure 1-6 shows the L2TP call setup procedure in detail.

Figure 1-6  L2TP call setup procedure
  1. The PC of a remote user initiates a request for a call connection to the LAC.

  2. The PC and the LAC perform PPP LCP negotiation.

  3. The LAC authenticates the PC user using the Challenge Handshake Authentication Protocol (CHAP).

  4. The LAC sends authentication information including the user name and password to the RADIUS server for authentication.

  5. After authenticating the user, the RADIUS server sends the authentication result to the user.

  6. If the LNS domain name is specified on the LAC, the LAC checks whether the LNS domain name has already been resolved. If it has not, the LAC requests the corresponding IP address from the DNS server. If the domain name resolves to an IP address, the tunnel setup process is triggered. If it does not, the user cannot go online.

  7. An L2TP tunnel connection is set up between the LAC and LNS.

  8. An L2TP session connection is set up between the LAC and LNS.

  9. The LNS processes PPP negotiation information contained in the session connection request.

  10. The LNS sends an access request to its RADIUS server for authentication.

  11. The RADIUS server sends a response packet after the authentication succeeds. If the Frame-IP and Frame-Route attributes or an address pool name is specified on the RADIUS server, the response packet carries the Frame-IP and Frame-Route attributes or the specified address pool name.

  12. (Optional) The LNS performs secondary CHAP authentication on the remote user.

  13. The LNS sends secondary authentication information to its RADIUS server for authentication.

  14. The RADIUS server sends a response packet after the authentication succeeds.

  15. The LNS saves the Frame-IP and Frame-Route attributes or the specified address pool name carried in the response packet. An L2TP connection is set up and the LNS assigns IP addresses to remote users.

  16. The remote user can communicate with devices in the headquarters and the LNS functions as a gateway.

NOTE:

If step 12 is performed, steps 13 and 14 are mandatory.
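The two CHAP exchanges in the procedure (step 3 at the LAC and the optional step 12 at the LNS) are sketched below as an added example that is not part of the Huawei guide. It assumes CHAP with MD5 as defined in RFC 1994; the class name, user name and secret are constructed for illustration, and the RADIUS lookup is replaced by a local dictionary.

```python
import hashlib
import hmac
import os

def chap_response(identifier, secret, challenge):
    """RFC 1994 CHAP-MD5 response: MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()

class ChapAuthenticator:
    """Authenticator role: the LAC in step 3, the LNS in step 12 (hypothetical class)."""

    def __init__(self, secrets):
        self.secrets = secrets   # assumption: stands in for the RADIUS user database
        self.pending = {}        # identifier -> outstanding challenge
        self.next_id = 0

    def challenge(self):
        """Issue a fresh, unpredictable challenge under a new identifier."""
        ident = self.next_id
        self.next_id = (self.next_id + 1) % 256
        self.pending[ident] = os.urandom(16)
        return ident, self.pending[ident]

    def verify(self, user, ident, response):
        """Check a response; each challenge is consumed so it cannot be reused."""
        challenge = self.pending.pop(ident, None)
        secret = self.secrets.get(user)
        if challenge is None or secret is None:
            return False
        expected = chap_response(ident, secret, challenge)
        return hmac.compare_digest(expected, response)

def run_demo():
    # Constructed sample credentials, not taken from the guide.
    user, secret = "user1@example.com", b"constructed-secret"
    lac, lns = ChapAuthenticator({user: secret}), ChapAuthenticator({user: secret})
    lac_id, lac_chal = lac.challenge()                     # step 3
    lac_resp = chap_response(lac_id, secret, lac_chal)
    results = {"lac_accepts": lac.verify(user, lac_id, lac_resp)}
    lns_id, lns_chal = lns.challenge()                     # step 12
    # A response taken from the LAC exchange does not satisfy the LNS challenge.
    results["lns_accepts_replay"] = lns.verify(user, lns_id, lac_resp)
    lns_id, lns_chal = lns.challenge()
    lns_resp = chap_response(lns_id, secret, lns_chal)
    results["lns_accepts_fresh"] = lns.verify(user, lns_id, lns_resp)
    # Presenting the same response again fails: its challenge was consumed.
    results["lns_accepts_reuse"] = lns.verify(user, lns_id, lns_resp)
    return results

print(run_demo())
```

Because the LNS issues its own challenge, a response that was valid at the LAC carries no weight in the secondary authentication.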

Updated: 2019-08-07

Document ID: EDOC1100033725
