Configuring Single-Shot Tunnels - Juniper JUNOSE SOFTWARE FOR E SERIES 11.3.X - IP SERVICES CONFIGURATION GUIDE 2010-10-01 Configuration Manual


Configuring Single-Shot Tunnels

To configure a single-shot L2TP/IPSec tunnel:

1. Create an L2TP destination profile, which defines the location of the LAC. The l2tp destination profile command accesses L2TP Destination Profile Configuration mode.

   host1(config)#l2tp destination profile boston4 ip address 0.0.0.0
   host1(config-l2tp-dest-profile)#

2. Create an L2TP host profile, which defines the attributes that the router, acting as the LNS, uses when communicating with the LAC. The remote host command accesses L2TP Destination Profile Host Configuration mode.

   host1(config-l2tp-dest-profile)#remote host default
   host1(config-l2tp-dest-profile-host)#

3. Specify that, for L2TP tunnels associated with this host profile, the router accept only tunnels protected by IPSec.

   host1(config-l2tp-dest-profile-host)#enable ipsec-transport

4. Specify that the L2TP tunnels associated with this host profile are single-shot tunnels.

   host1(config-l2tp-dest-profile-host)#single-shot-tunnel

5. (Optional) Configure other attributes for the L2TP host profile.

6. (Optional) Use the show l2tp destination profile command to verify configuration of the single-shot tunnel for a particular L2TP host profile.

   For information about how to use this command, see "show l2tp destination profile" on page 300.

For information about the other commands you can use to configure L2TP destination profiles and L2TP host profiles, see LNS Configuration Prerequisites.

single-shot-tunnel

Use to configure the L2TP/IPSec tunnels associated with a particular L2TP host profile as single-shot tunnels.

A single-shot tunnel can carry no more than a single L2TP session for the duration of its existence.

The router ignores the idle timeout period for single-shot tunnels.

The following characteristics apply only to secure L2TP/IPSec single-shot tunnels:

   The underlying IPSec connection for a single-shot tunnel can carry no more than a single L2TP tunnel for the duration of its existence.

   The router disconnects the underlying IPSec transport connection for a single-shot tunnel at the beginning of the destruct timeout period instead of waiting until the destruct timeout period expires.

A single-shot tunnel does not persist beyond its last connected L2TP session. As a result, using single-shot L2TP/IPSec tunnels instead of the default (standard) tunnel

Copyright © 2010, Juniper Networks, Inc.
Chapter 12: Securing L2TP and IP Tunnels with IPSec
287
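One way to check a saved command listing against the procedure above, as an added example that is not from the Juniper guide: the Python script below parses commands in the form shown in steps 1 through 4 and reports L2TP host profiles that lack enable ipsec-transport or single-shot-tunnel. The profile chicago1, the host lac7 and the input format (a plain listing of typed commands, with or without prompts, not the router's show output) are assumptions.

```python
import re

# Constructed sample: commands in the form shown in the procedure above.
# The profile "chicago1" and the host "lac7" are made-up names for the failing case.
SAMPLE = """\
host1(config)#l2tp destination profile boston4 ip address 0.0.0.0
host1(config-l2tp-dest-profile)#remote host default
host1(config-l2tp-dest-profile-host)#enable ipsec-transport
host1(config-l2tp-dest-profile-host)#single-shot-tunnel
host1(config)#l2tp destination profile chicago1 ip address 0.0.0.0
host1(config-l2tp-dest-profile)#remote host lac7
host1(config-l2tp-dest-profile-host)#single-shot-tunnel
"""

PROMPT = re.compile(r"^\S+\([^)]*\)#\s*")  # CLI prompt such as host1(config)#
PROFILE = re.compile(r"^l2tp destination profile (\S+) ip address (\S+)$")
HOST = re.compile(r"^remote host (\S+)$")


def parse_host_profiles(text):
    """Return {(dest_profile, remote_host): set of settings seen under that host}."""
    hosts, profile, host = {}, None, None
    for raw in text.splitlines():
        line = PROMPT.sub("", raw.strip())
        if m := PROFILE.match(line):
            profile, host = m.group(1), None  # a new destination profile starts
        elif (m := HOST.match(line)) and profile:
            host = (profile, m.group(1))      # host profile inside that profile
            hosts.setdefault(host, set())
        elif host and line in ("enable ipsec-transport", "single-shot-tunnel"):
            hosts[host].add(line)
    return hosts


def audit(text):
    """List host profiles that miss step 3 or step 4 of the procedure."""
    findings = []
    for (profile, host), seen in sorted(parse_host_profiles(text).items()):
        if "enable ipsec-transport" not in seen:
            findings.append((profile, host, "missing enable ipsec-transport"))
        if "single-shot-tunnel" not in seen:
            findings.append((profile, host, "missing single-shot-tunnel"))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep=": ")
```

The parser follows commands in the order they were typed and does not model exit or other mode changes, so feed it one listing per configuration session.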
