Cisco Cisco Packet Data Interworking Function (PDIF)
Service Configurations
LAC Service Configuration to Support IPSec ▀
IPSec Reference, StarOS Release 17 ▄
93
LAC Service Configuration to Support IPSec
This section provides instructions for configuring LAC (L2TP Access Concentrator) services to support IPSec.
Important:
These instructions are required for compulsory tunneling. They should only be performed for
attribute-based tunneling if the Tunnel-Service-Endpoint, the SN1-Tunnel-ISAKMP-Crypto-Map, or the SN1 -Tunnel-
ISAKMP-Secret are not configured in the subscriber profile.
ISAKMP-Secret are not configured in the subscriber profile.
These instructions assume that the LAC service was previously configured and system is ready to serve as an LAC
server.
server.
Important:
This section provides the minimum instruction set for configuring an LAC service to support IPSec
on the system. For more information on commands that configure additional parameters and options, refer to the
Command Line Interface Reference.
Command Line Interface Reference.
To configure the LAC service to support IPSec:
Step 1
Step 2
Step 3
Save your configuration to flash memory, an external memory device, and/or a network location using the Exec mode
command save configuration. For additional information on how to verify and save configuration files, refer to the
System Administration Guide and the Command Line Interface Reference.
command save configuration. For additional information on how to verify and save configuration files, refer to the
System Administration Guide and the Command Line Interface Reference.
Modifying LAC service to Support IPSec
Use the following example to modify an existing LAC service to support IPSec on your system:
configure
context ctxt_name
lac-service lac_svc_name
peer-lns ip_address [encrypted] secret secret [crypto-map map_name {
[encrypted] isakmp-secret secret } ] [ description text ] [ preference integer ]
[encrypted] isakmp-secret secret } ] [ description text ] [ preference integer ]
isakmp aaa-context aaa_ctxt_name
isakmp peer-fa fa_address crypto-map map_name [ secret preshared_secret
]
]
end
Notes:
ctxt_name is the destination context where the LAC service is configured to support IPSec.
lac_svc_name is name of the LAC service for which you are configuring IPSec.