для Cisco Cisco Packet Data Gateway (PDG)
Service Configurations
PDSN Service Configuration for L2TP Support ▀
IPSec Reference, StarOS Release 16 ▄
91
RADIUS/Subscriber attributes.
RADIUS and Subscriber Attributes for L2TP Application IPSec Support
The table below lists the RADIUS and Subscriber attributes required to support IPSec for use with attribute-based L2TP
tunneling.
tunneling.
These attributes are contained in the following dictionaries:
Starent
Starent-835
Table 11.
Subscriber Attributes for IPSec encrypted L2TP Support
RADIUS Attribute
Local Subscriber
Attribute
Attribute
Description
Variable
SN1-Tunnel-ISAKMP-
Crypto-Map
Crypto-Map
tunnel l2tp crypto-map
The name of a crypto map
configured on the system.
configured on the system.
A salt-encrypted ASCII string
specifying the crypto-map to use for
this subscriber. It can be tagged, in
which case it is treated as part of a
tunnel group.
specifying the crypto-map to use for
this subscriber. It can be tagged, in
which case it is treated as part of a
tunnel group.
SN1 -Tunnel-ISAKMP- Secret tunnel l2tp crypto-map
isakmp-secret
The pre-shared secret that
will be used as part of the
D-H exchange to negotiate
an IKE SA.
will be used as part of the
D-H exchange to negotiate
an IKE SA.
A salt-encrypted string specifying
the IKE secret. It can be tagged, in
which case it is treated as part of a
tunnel group.
the IKE secret. It can be tagged, in
which case it is treated as part of a
tunnel group.
Modifying PDSN Service to Support Compulsory L2TP Tunneling
Use the following example to modify an existing PDSN service to support compulsory L2TP tunneling on your system:
configure
context <ctxt_name>
pdsn-service <pdsn_svc_name>
ppp tunnel-context <lac_ctxt_name>
ppp tunnel-type l2tp
end
Notes:
<ctxt_name>
is the destination context where the PDSN service is configured.
<pdsn_svc_name>
is name of the PDSN service for which you are configuring attribute-based L2TP tunneling.
<lac_ctxt_name>
is the name of the destination context where the LAC service is located.