Cisco Cisco Packet Data Gateway (PDG)
Service Configurations
LAC Service Configuration to Support IPSec ▀
IPSec Reference, StarOS Release 16 ▄
93
LAC Service Configuration to Support IPSec
This section provides instructions for configuring LAC (L2TP Access Concentrator) services to support IPSec.
Important:
These instructions are required for compulsory tunneling. They should only be performed for
attribute-based tunneling if the Tunnel-Service-Endpoint, the SN1-Tunnel-ISAKMP-Crypto-Map, or the SN1 -Tunnel-
ISAKMP-Secret are not configured in the subscriber profile.
ISAKMP-Secret are not configured in the subscriber profile.
These instructions assume that the LAC service was previously configured and system is ready to serve as an LAC
server.
server.
Important:
This section provides the minimum instruction set for configuring an LAC service to support IPSec
on the system. For more information on commands that configure additional parameters and options, refer to the
Command Line Interface Reference.
Command Line Interface Reference.
To configure the LAC service to support IPSec:
Step 1
Step 2
Step 3
Save your configuration to flash memory, an external memory device, and/or a network location using the Exec mode
command save configuration. For additional information on how to verify and save configuration files, refer to the
System Administration Guide and the Command Line Interface Reference.
command save configuration. For additional information on how to verify and save configuration files, refer to the
System Administration Guide and the Command Line Interface Reference.
Modifying LAC service to Support IPSec
Use the following example to modify an existing LAC service to support IPSec on your system:
configure
context <ctxt_name>
lac-service <lac_svc_name>
peer-lns <ip_address> [encrypted] secret <secret> [crypto-map <map_name>
{ [encrypted] isakmp-secret <secret> } ] [ description <text> ] [ preference
<integer> ]
{ [encrypted] isakmp-secret <secret> } ] [ description <text> ] [ preference
<integer> ]
isakmp aaa-context <aaa_ctxt_name>
isakmp peer-fa <fa_address> crypto-map <map_name> [ secret
<preshared_secret> ]
<preshared_secret> ]
end