Figure 3-2 L2Tp Vpn Schematic Diagram - Zte ZXR10 ZSR V2 Series Product Description

ZXR10 ZSR V2 Series Router Product Description
(L2TP Network Server). LAC supporting client-end L2TP is used to initiate call,
receive call and establish tunnel. LNS is the end of all the tunnels to terminate all
PPP flows.

Figure 3-2 L2TP VPN schematic diagram

LAC: L2TP Access Concentrator is a PPP-initiator system with L2TP protocol
processing capability. Usually, LAC is a network access server (NAS), which
supplies network access service through PSTN/ISDN.
LNS: L2TP Network Server, the logical termination of PPP conversation, is used on
the PPP-end system for processing the software of L2TP protocol server.
Between a pair of LNS and LAC there are two types of connection: one is tunnel
connection, which defines a LNS and LAC pair. The other is session connection,
which is multiplexed on tunnel connection, indicating each PPP session process in
the tunnel. One tunnel connection can bear multiple session connections. L2TP
connection maintenance and PPP data transmission are both implemented by
exchange of L2TP message, which uses UDP port 1701. L2TP message can be
divided into two types: control message and data message. Control message works
to create and maintain tunnel connection and session connection. Data message
works to bear users' PPP session data packets.
L2TP is featured as follows:

Secure identity authentication mechanism: similar to PPP, L2TP can implement
tunnel endpoint verification. PPP CHAP verification is stipulated to be used.

Internal address distribution support: LNS is deployed behind enterprise network
firewall. It implements dynamic distribution and management of remote user address
28 ZTE Confidential & Proprietary