HP MSR Router Series Wan Access Configuration Manual page 83

A client-initiated tunnel has higher security because it is established between a remote system and
•
the LNS.
The remote system must support L2TP and be able to communicate with the LNS. This causes poor
•
expandability.
As shown in
establishing a NAS-initiated tunnel. (Details not shown.)
Figure 28 Client-initiated tunnel establishment process
LAC-auto-initiated tunneling mode
In NAS-initiated mode, a remote system must successfully dial in to the LAC through PPPoE or ISDN.
In LAC-auto-initiated mode, you can use the l2tp-auto-client command on the LAC to trigger the LAC to
initiate a tunneling request to the LNS. When a remote system accesses the private network, the LAC
forwards data through the L2TP tunnel.
Figure 29 LAC-auto-initiated tunneling mode
Remote system
Host A
An LAC-auto-initiated tunnel has the following characteristics:
The connection between a remote system and the LAC is not confined to a dial-up connection and
•
can be any IP-based connection.
An L2TP session is established immediately after an L2TP tunnel is established. Then, the LAC and
•
LNS, acting as the PPPoE client and PPPoE server, respectively, perform PPP negotiation.
An L2TP tunnel can carry only one L2TP session.
•
Figure 28, the workflow for establishing a client-initiated tunnel is similar to that for
LAN
Device A
LAC auto initiated
L2TP tunnel
Internet
LAC
74
Private
network
LNS
Device B
RADIUS server