Cisco Packet Data Gateway (PDG) Troubleshooting Guide
IP Security
Implementing IPSec for L2TP Applications
Cisco ASR 5000 Series Enhanced Feature Configuration Guide
OL-22982-01
How IPSec is Used for PDSN Compulsory L2TP Configurations
The following figure and the text that follows describe how IPSec-encrypted PDSN compulsory L2TP sessions are
processed by the system.
Figure 24. PDSN Compulsory L2TP, IPSec-Encrypted Session Processing
[Figure not reproduced. Labels: PDSN, LNS/Security Gateway, IPSec Tunnel, Source Ctx., Local Ctx., Destination Ctx., PDSN-Service, LAC Service, Crypto Map, Transform Set(s), ISAKMP Policy(ies), AAA Cfg., AAA; step markers 1 through 8.]
Table 17. PDSN Compulsory L2TP, IPSec-Encrypted Session Processing
Step  Description
1.    A subscriber session arrives at a PDSN service on the system that is configured to perform compulsory tunneling. The system uses the LAC service specified in the PDSN service's configuration.
2.    The LAC service dictates the peer LNS to use and also specifies the following parameters indicating that IP security is also required:
      - Crypto map name
      - ISAKMP secret
3.    The system determines that the crypto map name supplied matches a configured crypto map.