Cisco Packet Data Gateway (PDG)
Service Configurations
PDSN Service Configuration for L2TP Support
IPSec Reference, StarOS Release 17
RADIUS/Subscriber attributes.
RADIUS and Subscriber Attributes for L2TP Application IPSec Support
The table below lists the RADIUS and Subscriber attributes required to support IPSec for use with attribute-based L2TP tunneling.
These attributes are contained in the following dictionaries:
Starent
Starent-835
Table 11. Subscriber Attributes for IPSec encrypted L2TP Support

| RADIUS Attribute | Local Subscriber Attribute | Description | Variable |
|---|---|---|---|
| SN1-Tunnel-ISAKMP-Crypto-Map | tunnel l2tp crypto-map | The name of a crypto map configured on the system. | A salt-encrypted ASCII string specifying the crypto-map to use for this subscriber. It can be tagged, in which case it is treated as part of a tunnel group. |
| SN1-Tunnel-ISAKMP-Secret | tunnel l2tp crypto-map isakmp-secret | The pre-shared secret that will be used as part of the D-H exchange to negotiate an IKE SA. | A salt-encrypted string specifying the IKE secret. It can be tagged, in which case it is treated as part of a tunnel group. |
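The table describes both values as salt-encrypted and optionally tagged. As an added example (not Cisco's code and not part of this guide), the Python below implements the salt encryption that RFC 2868 defines for Tunnel-Password, on the assumption that the Starent attributes use the same tag + salt + ciphertext layout. The shared secret, Request Authenticator and IKE secret are constructed sample values.

```python
import hashlib
import os

# Constructed sample values, not from any real deployment.
SHARED_SECRET = b"radius-shared-secret"
REQUEST_AUTH = bytes(range(16))  # 16-octet Request Authenticator


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def salt_encrypt(plaintext, shared_secret, request_auth, tag=0, salt=None):
    """Return tag + salt + ciphertext (RFC 2868 section 3.5 layout, assumed)."""
    if len(plaintext) > 255:
        raise ValueError("value too long for the one-octet length field")
    salt = salt or os.urandom(2)
    salt = bytes([salt[0] | 0x80, salt[1]])  # high bit of the salt must be set
    data = bytes([len(plaintext)]) + plaintext
    data += b"\x00" * (-len(data) % 16)  # pad to a 16-octet boundary
    out, prev = b"", request_auth + salt
    for i in range(0, len(data), 16):
        block = _xor(data[i:i + 16], hashlib.md5(shared_secret + prev).digest())
        out += block
        prev = block  # later blocks chain on the previous ciphertext block
    return bytes([tag]) + salt + out


def salt_decrypt(value, shared_secret, request_auth):
    """Return (tag, plaintext) from a tag + salt + ciphertext value."""
    if len(value) < 19 or (len(value) - 3) % 16 or not value[1] & 0x80:
        raise ValueError("malformed salt-encrypted value")
    tag, salt, cipher = value[0], value[1:3], value[3:]
    plain, prev = b"", request_auth + salt
    for i in range(0, len(cipher), 16):
        block = cipher[i:i + 16]
        plain += _xor(block, hashlib.md5(shared_secret + prev).digest())
        prev = block
    length = plain[0]
    if length > len(plain) - 1:
        raise ValueError("bad length octet (wrong shared secret?)")
    return tag, plain[1:1 + length]


if __name__ == "__main__":
    wire = salt_encrypt(b"example-ike-psk", SHARED_SECRET, REQUEST_AUTH, tag=1)
    print(wire.hex(), salt_decrypt(wire, SHARED_SECRET, REQUEST_AUTH))
```

Under that assumption, the IKE pre-shared secret is only as well protected in transit as the RADIUS shared secret that keys this MD5 keystream.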
Modifying PDSN Service to Support Compulsory L2TP Tunneling
Use the following example to modify an existing PDSN service to support compulsory L2TP tunneling on your system:
configure
   context ctxt_name
      pdsn-service pdsn_svc_name
         ppp tunnel-context lac_ctxt_name
         ppp tunnel-type l2tp
         end
Notes:
ctxt_name is the destination context where the PDSN service is configured.
pdsn_svc_name is the name of the PDSN service for which you are configuring attribute-based L2TP tunneling.
lac_ctxt_name is the name of the destination context where the LAC service is located.