Configuration Tasks for Client PC; Table 18: Differences in Handling Timeout Periods for L2TP/IPSec Tunnels - Juniper JUNOSe 11.0.x IP Services Configuration Manual

For E Series Broadband Services Routers - IP Services Configuration

JUNOSe 11.0.x IP Services Configuration Guide
The router ignores the idle timeout period for single-shot tunnels. This means
that as soon as a single-shot tunnel's session is removed, the single-shot tunnel
proceeds to disconnect.

The following characteristics apply only to secure L2TP/IPSec single-shot tunnels:
- The underlying IPSec connection for a single-shot tunnel can carry no more
  than a single L2TP tunnel for the duration of its existence.
- The router disconnects the underlying IPSec transport connection for a
  single-shot tunnel at the beginning of the destruct timeout period instead of
  waiting until the destruct timeout period expires.

For L2TP/IPSec single-shot tunnels, as soon as the tunnel or its single session fails
negotiations or disconnects, the router prevents any further L2TP tunnels or L2TP
sessions from connecting, and requires that a new IPSec connection be established
for any subsequent connection attempts.

Table 18 on page 296 describes the differences between how the router handles the
idle timeout period (configured with the l2tp tunnel idle-timeout command) and
the destruct timeout period (configured with the l2tp destruct-timeout command)
for standard L2TP/IPSec tunnels and for single-shot L2TP/IPSec tunnels when the
last remaining tunnel session has been disconnected.

Table 18: Differences in Handling Timeout Periods for L2TP/IPSec Tunnels

| Timeout Period | Standard L2TP/IPSec Tunnels (Not Single-Shot) | Single-Shot L2TP/IPSec Tunnels |
|---|---|---|
| Idle timeout period | The tunnel persists until the idle timeout period expires. If a new L2TP session is created before the idle timeout period expires, the tunnel persists to carry the new session and any subsequent sessions that are established. When the idle timeout period expires, the router disconnects the tunnel. | The router ignores the idle timeout period. This behavior prevents a single-shot tunnel from passing traffic after its single L2TP session is disconnected. |
| Destruct timeout period | The router signals the underlying IPSec transport connection to disconnect when the destruct timeout period expires. | The router signals the underlying IPSec transport connection to disconnect at the beginning of the destruct timeout period. |

For information about configuring L2TP/IPSec single-shot tunnels on the router, see
"Configuring Single-Shot Tunnels" on page 299.

Configuration Tasks for Client PC

To set up client PCs, you need to:
1. Create an IPSec security policy to secure L2TP traffic to the E Series router.
2. Get a certificate for the client or set up preshared keys.
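
The timeout handling from Table 18, modeled in Python as an added example (not code from the manual or from JUNOSe) to show how long a tunnel and its IPSec transport connection outlive the last L2TP session. The function and field names, the sample values of 60 and 600 seconds, and the premise that the destruct timeout period begins when the tunnel disconnects are assumptions.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Teardown:
    tunnel_down_at: Optional[float]  # None: tunnel kept up by a new session
    ipsec_down_at: Optional[float]   # None: no IPSec disconnect signaled
    new_session_carried: bool        # did this tunnel carry the new session?


def model_teardown(single_shot: bool, idle_timeout: float,
                   destruct_timeout: float, last_session_end: float = 0.0,
                   new_session_at: Optional[float] = None) -> Teardown:
    """Model Table 18 from the moment the last tunnel session disconnects.

    Times are in seconds. Assumption (not stated on the page): the destruct
    timeout period begins at the moment the tunnel disconnects.
    """
    if idle_timeout < 0 or destruct_timeout < 0:
        raise ValueError("timeouts must be non-negative")
    if new_session_at is not None and new_session_at < last_session_end:
        raise ValueError("new session cannot precede the last disconnect")
    if single_shot:
        # Idle timeout is ignored: the tunnel disconnects at once, and the
        # IPSec connection is dropped at the START of the destruct period.
        # Later sessions are refused until a new IPSec connection exists.
        return Teardown(last_session_end, last_session_end, False)
    idle_expiry = last_session_end + idle_timeout
    if new_session_at is not None and new_session_at < idle_expiry:
        # Session created before idle expiry: the tunnel persists to carry it.
        return Teardown(None, None, True)
    # Idle period expired: tunnel disconnects, and IPSec is signaled to
    # disconnect only when the destruct timeout period expires.
    return Teardown(idle_expiry, idle_expiry + destruct_timeout, False)


def ipsec_linger(result: Teardown, last_session_end: float = 0.0) -> Optional[float]:
    """Seconds the IPSec connection outlives the last session (None if kept)."""
    if result.ipsec_down_at is None:
        return None
    return result.ipsec_down_at - last_session_end


if __name__ == "__main__":
    IDLE, DESTRUCT = 60, 600  # constructed sample values, not defaults
    for label, shot in (("standard", False), ("single-shot", True)):
        r = model_teardown(shot, IDLE, DESTRUCT)
        print(f"{label:12} tunnel down t+{r.tunnel_down_at}s, "
              f"IPSec down t+{r.ipsec_down_at}s, linger {ipsec_linger(r)}s")
```

With these sample values the standard tunnel's IPSec connection stays up for the idle period plus the destruct period after the last session ends, while the single-shot tunnel's IPSec connection goes down immediately.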
