Cisco Cisco Packet Data Gateway (PDG) Fehlerbehebungsanleitung
IP Security
Implementing IPSec for L2TP Applications ▀
Cisco ASR 5000 Series Enhanced Feature Configuration Guide ▄
OL-22983-01
Figure 23. Attribute-based L2TP, IPSec-Encrypted Session Processing
AAA Server
PDSN
or
HA
LNS/Security
Gateway
1
2
3
6
7
8
9
IPSec Tunnel
Source
Ctx.
PDSN
or HA
Service
Local Ctx.
Destination
Ctx.
LAC
Service
P
D
N
D
N
Crypto Map
Transform
Set(s)
ISAKMP
Policy(ies)
4
5
AAA Cfg.
AAA
Table 16. Attribute-based L2TP, IPSec-Encrypted Session Processing
Step
Description
1.
A subscriber session arrives at the system.
2.
The system attempts to authenticate the subscriber with the AAA server.
3.
The profile attributes returned upon successful authentication by the AAA server indicate that session data is to be tunneled
using L2TP. In addition, attributes specifying a crypto map name and ISAKMP secret are also supplied indicating that IP
security is also required.
using L2TP. In addition, attributes specifying a crypto map name and ISAKMP secret are also supplied indicating that IP
security is also required.
4.
The system determines that the crypto map name supplied matches a configured crypto map.