Cisco Cisco Packet Data Gateway (PDG) Folheto
Service Configurations
PDSN Service Configuration for L2TP Support ▀
Cisco StarOS IP Security (IPSec) Reference ▄
91
RADIUS/Subscriber attributes.
RADIUS and Subscriber Attributes for L2TP Application IPSec Support
The table below lists the RADIUS and Subscriber attributes required to support IPSec for use with attribute-based L2TP
tunneling.
tunneling.
These attributes are contained in the following dictionaries:
Starent
Starent-835
Table 11.
Subscriber Attributes for IPSec encrypted L2TP Support
RADIUS Attribute
Local
Subscriber
Subscriber
Attribute
Description
Variable
SN1-Tunnel-
ISAKMP- Crypto-Map
ISAKMP- Crypto-Map
tunnel l2tp
crypto-map
crypto-map
The name of a crypto map
configured on the system.
configured on the system.
A salt-encrypted ASCII string specifying the
crypto-map to use for this subscriber. It can
be tagged, in which case it is treated as part
of a tunnel group.
crypto-map to use for this subscriber. It can
be tagged, in which case it is treated as part
of a tunnel group.
SN1 -Tunnel-
ISAKMP- Secret
ISAKMP- Secret
tunnel l2tp
crypto-map
isakmp-secret
crypto-map
isakmp-secret
The pre-shared secret that will
be used as part of the D-H
exchange to negotiate an IKE
SA.
be used as part of the D-H
exchange to negotiate an IKE
SA.
A salt-encrypted string specifying the IKE
secret. It can be tagged, in which case it is
treated as part of a tunnel group.
secret. It can be tagged, in which case it is
treated as part of a tunnel group.
Modifying PDSN Service to Support Compulsory L2TP Tunneling
Use the following example to modify an existing PDSN service to support compulsory L2TP tunneling on your system:
configure
context <ctxt_name>
pdsn-service <pdsn_svc_name>
ppp tunnel-context <lac_ctxt_name>
ppp tunnel-type l2tp
end
Notes:
<ctxt_name>
is the destination context where the PDSN service is configured.
<pdsn_svc_name>
is name of the PDSN service for which you are configuring attribute-based L2TP tunneling.
<lac_ctxt_name>
is the name of the destination context where the LAC service is located.