Configuration Tasks For Client Pc; Configuration Tasks For E Series Routers; Table 18: Differences In Handling Timeout Periods For L2Tp/Ipsec Tunnels - Juniper JUNOSE SOFTWARE FOR E SERIES 11.3.X - IP SERVICES CONFIGURATION GUIDE 2010-10-01 Configuration Manual
Software for e series broadband services routers ip services configuration guide
Table of Contents
Advertisement
JunosE 11.3.x IP Services Configuration Guide
Configuration Tasks for Client PC
Configuration Tasks for E Series Routers
284
L2TP/IPSec tunnels and for single-shot L2TP/IPSec tunnels when the last remaining
tunnel session has been disconnected.
Table 18: Differences in Handling Timeout Periods for L2TP/IPSec Tunnels
Timeout
Standard L2TP/IPSec Tunnels
Period
(Not Single-Shot)
Idle timeout
The tunnel persists until the idle timeout
period
period expires. If a new L2TP session is
created before the idle timeout period
expires, the tunnel persists to carry the new
session and any subsequent sessions that
are established.
When the idle timeout period expires, the
router disconnects the tunnel.
Destruct
The router signals the underlying IPSec
timeout
transport connection to disconnect when
period
the destruct timeout period expires.
For information about configuring L2TP/IPSec single-shot tunnels on the router, see
"Configuring Single-Shot Tunnels" on page 287 .
To set up client PCs, you need to:
Create an IPSec security policy to secure L2TP traffic to the E Series router.
1.
Get a certificate for the client or set up preshared keys.
2.
Create a VPN connection to the router.
3.
Log the client in to the E Series router.
4.
The main configuration tasks for setting up L2TP/IPSec are:
Set up IP connectivity to L2TP clients; for example, PPPoE, DHCP, or static IP.
1.
Set up digital certificates on the router, or configure preshared keys for IKE
2.
authentication.
To set up digital certificates, see "Configuring Digital Certificates" on page 205.
To set up preshared keys, see "Configuring IPSec Parameters" on page 139 in
"Configuring IPSec" on page 119.
Create IPSec policies. See "Defining an IKE Policy" on page 148 in "Configuring IPSec"
3.
on page 119.
Configure RADIUS authentication and accounting. See JunosE Broadband Access
4.
Configuration Guide.
Single-Shot L2TP/IPSec
Tunnels
The router ignores the idle timeout
period.
This behavior prevents a
single-shot tunnel from passing
traffic after its single L2TP session
is disconnected.
The router signals the underlying
IPSec transport connection to
disconnect at the beginning of the
destruct timeout period.
Copyright © 2010, Juniper Networks, Inc.
Advertisement
Table of Contents
Need help?
Do you have a question about the JUNOSE SOFTWARE FOR E SERIES 11.3.X - IP SERVICES CONFIGURATION GUIDE 2010-10-01 and is the answer not in the manual?