Nas-Initiated Vpn - 3Com MSR 50 Series Configuration Manual

NAS-Initiated VPN

1 The user dials in to NAS through a medium supporting PPP.
2 The NAS determines whether the user is a valid VPN client. If so, it initiates a
3 After a tunnel is set up between the NAS and the LNS, the NAS negotiates with
4 The LNS decides whether to accept the connection request according to the
5 The user communicates with the headquarters over the tunnel between the NAS
1 Configure the VPN user
2 Configure the LAC and its RADIUS server
Network requirements
A VPN user accesses the corporate headquarters as follows:
tunneling request to the LNS.
the VPN user and transfers the negotiated results to the LNS.
negotiated results.
and the LNS.
Network diagram
Figure 453 Network diagram for the NAS-initiated VPN
Async1/0
1 .1.1.1/24
PSTN/ISDN
VPN user
Configuration procedure
In the dial-up network window, enter vpdnuser as the username, Hello as the
password, and 170 as the access number. After dialing the access number and
bringing up the dial-up terminal window, enter username as the username and
userpass as the password for RADIUS authentication.
Configure the RADIUS server
■
# Create a local user with the name of username and the password of userpass.
# Specify the IP address of the corresponding interface on the LNS. In this
example, the Ethernet interface on the LNS, the interface for the tunnel, has an IP
address of 1.1.2.2.
Configure the LAC
■
# Configure IP addresses for the interfaces. (Omitted)
# Create a local user named vpdnuser, set the password, and enable PPP service.
[Sysname] local-user vpdnuser
[Sysname-luser-vpdnuser] password simple Hello
[Sysname-luser-vpdnuser] service-type ppp
[Sysname-luser-vpdnuser] quit
# Configure interface Async 1/0.
L2TP Configuration Example
Eth 1/0
Eth1/0
1 .1.2.1/24
1 .1.2.2/24
Internet
L2TP tunnel
LAC
Corporate
network
LNS
1615