Chapter 2 L2Tp Configuration; L2Tp Overview; Introduction To Vpdn - H3C SecPath F1800-A Operation Manual

Operation Manual - VPN
H3C SecPath F1800-A Firewall

Chapter 2 L2TP Configuration

2.1 L2TP Overview

2.1.1 Introduction to VPDN

VPDN realizes VPN by means of using dial-up of public network, such as ISDN and
PSTN, and access network.
In this way, it provides access service for:
Enterprises
Mini-ISPs
Mobile businessmen
VPDN adopts special network encryption protocol to set up safe VPN in public
network for enterprises. In this way, overseas offices and staff on business can pass
through the public network to connect with the network of headquarters through the
encrypted virtual tunnel; however, other users in public network have no access to
internal resources of enterprise network through the virtual tunnel.
There are two ways to fulfill VPDN:
1) NAS creating channel with VPDN gateway through tunneling protocol
In this way, PPP connections of users are directly connected to gateway in an
enterprise. By now, available tunnel protocols are L2F and L2TP.
Its advantages are:
It is transparent to users.
Users access enterprise network by login once.
Enterprise network carries out user authentication and address assignment
without occupying the public address.
Users can access network by a wide variety of platforms.
This way of VPDN requires NAS that supports the VPDN protocol, and authentication
system that supports VPDN attributes, with gateway generally adopting router or VPN
dedicated server.
2) Clients creating tunnel with VPDN gateway
In this way, clients first set up the connection with the Internet, and then channel
connection with gateway through dedicated client software (such as L2TP client port
supported by Win2000).
Its advantages lie in:
No limit to the way and place of users' accessing network
No need for ISP's involvement
7-7
Chapter 2 L2TP Configuration