Enabling IPSec Support for L2TP
enable ipsec-transport
l2tp destination profile
Copyright © 2010, Juniper Networks, Inc.
5. Configure L2TP destination profiles. See the next section, "Enabling IPSec Support for L2TP" on page 285.
6. Configure NAT-T on the virtual router. See "Configuring NAT-T" on page 286.
7. Configure single-shot L2TP/IPSec tunnels. See "Configuring Single-Shot Tunnels" on page 287.
8. Configure IPSec transport profiles. See "Configuring IPSec Transport Profiles" on page 289.
To configure an L2TP destination profile:
1. Create a destination profile that defines the location of the LAC, and access L2TP Destination Profile Configuration mode.
host1(config)#l2tp destination profile boston4 ip address 0.0.0.0
host1(config-l2tp-dest-profile)#
2. Define the L2TP host profile, and enter L2TP Destination Profile Host Configuration mode.
host1(config-l2tp-dest-profile)#remote host default
host1(config-l2tp-dest-profile-host)#
3. Specify that for L2TP tunnels associated with this destination profile, the router accept only tunnels protected by IPSec.
host1(config-l2tp-dest-profile-host)#enable ipsec-transport
4. (Optional) Assign a profile name for a remote host.
host1(config-l2tp-dest-profile-host)#profile georgeProfile1
5. Specify the local IP address to be used in any packets sent to the LAC.
host1(config-l2tp-dest-profile-host)#local ip address 10.0.0.1
For information about other L2TP destination profile commands, see LNS Configuration
Prerequisites.
Use to specify that the router accept only L2TP tunnels protected by an IPSec transport
connection.
Example
host1(config-l2tp-dest-profile-host)#enable ipsec-transport
Use the no version to disable IPSec transport mode.
See enable ipsec-transport.
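A check for the setting configured above, as an added example that is not part of the Juniper guide: it reads destination-profile commands in the form shown on this page (with or without the prompt) and lists every remote host that does not require IPSec transport. The chicago2 profile and its address are constructed, a remote host without the command is assumed not to require IPSec, and the no version is assumed to be written "no enable ipsec-transport".

```python
import re

# Strips a CLI prompt such as "host1(config-l2tp-dest-profile-host)#" if present.
PROMPT = re.compile(r"^\S+\(config[^)]*\)#\s*")
DEST = re.compile(r"^l2tp destination profile (\S+)")
HOST = re.compile(r"^remote host (\S+)")

def audit_ipsec_transport(config_text):
    """Return (profile, remote_host) pairs that would accept L2TP without IPSec."""
    state = {}  # (profile, host) -> True when IPSec transport is required
    profile = host = None
    for raw in config_text.splitlines():
        line = PROMPT.sub("", raw.strip())
        if not line or line.startswith("!"):
            continue
        m = DEST.match(line)
        if m:  # a new destination profile resets the remote-host context
            profile, host = m.group(1), None
            continue
        m = HOST.match(line)
        if m and profile:
            host = m.group(1)
            state.setdefault((profile, host), False)  # assumed default: not required
            continue
        if profile and host:
            if line == "enable ipsec-transport":
                state[(profile, host)] = True
            elif line == "no enable ipsec-transport":  # assumed spelling of the no version
                state[(profile, host)] = False
    return sorted(key for key, required in state.items() if not required)

# Constructed sample: boston4 follows the procedure above; chicago2 and its
# destination address are made up, and its remote host lacks the command.
SAMPLE = """\
host1(config)#l2tp destination profile boston4 ip address 0.0.0.0
host1(config-l2tp-dest-profile)#remote host default
host1(config-l2tp-dest-profile-host)#enable ipsec-transport
host1(config-l2tp-dest-profile-host)#profile georgeProfile1
host1(config-l2tp-dest-profile-host)#local ip address 10.0.0.1
host1(config)#l2tp destination profile chicago2 ip address 192.0.2.10
host1(config-l2tp-dest-profile)#remote host default
host1(config-l2tp-dest-profile-host)#local ip address 10.0.0.1
"""

if __name__ == "__main__":
    for profile, host in audit_ipsec_transport(SAMPLE):
        print(f"profile {profile}, remote host {host}: IPSec transport not required")
```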
Chapter 12: Securing L2TP and IP Tunnels with IPSec
285