Figure 10 NAS-initiated tunneling mode
A NAS-initiated tunnel has the following characteristics:
• The remote system only needs to support PPP, and does not need to support L2TP.
• Authentication and accounting of the remote system can be implemented on the LAC or the LNS.
Figure 11 Establishment process for NAS-initiated tunnels
[Figure 11 labels. Participants: Remote system, Host A, Device A. Messages: (1) Call setup; (2) LCP negotiation; (3) PAP or CHAP authentication; (12) CHAP authentication (challenge/response); (15) Authentication passes, and assign an IP address; (16) Access the enterprise network]
As shown in Figure 11, the following workflow is used to establish a NAS-initiated tunnel:
1. A remote system (Host A) initiates a PPP connection to the LAC (Device A).
2. The remote system and LAC perform PPP LCP negotiation.
3. The LAC authenticates PPP user information of Host A by using PAP or CHAP.
[Figure 11 labels. Participants: LAC, RADIUS server A, LNS, RADIUS server B, Device B. Messages: (4) Access request; (5) Access accept; (6) Tunnel setup request; (7) CHAP authentication (challenge/response); (8) Setup a session; (9) Send user information and LCP negotiation parameters; (10) Access request; (11) Access accept; (13) Access request; (14) Access accept]