Page 8 - Overview of IPSec and L2TP Technologies
Compulsory Tunneling
A compulsory tunnel is an L2TP tunnel that is not controlled by the user. In
compulsory tunneling, the dial-up client PC accesses the Private Network by first dialing
to an L2TP Access Concentrator (LAC), which terminates the Public Switched
Telephone Network (PSTN) connection and then establishes an L2TP tunnel to the
L2TP Network Server (LNS). In this mode the PPP session is established between the
dial-up client PC and the LNS, and L2TP is established between the LAC and the
Network Access Server (NAS).
IP Office can be used to provide LAC operation but does not provide PPP
transportation. Under the IP Office 3.0+ implementation the incoming PPP session is
terminated locally and the L2TP tunnel is then established to the LNS. The contents of
the incoming PPP session are extracted and routed through the established tunnel in
the normal way.
Voluntary Tunneling
Voluntary tunneling mode describes an L2TP tunnel that is established
directly between the user and the LNS. Once L2TP is established, the PPP protocol
runs over the session. Voluntary tunneling is the primary operating mode
for the IP Office L2TP implementation.
The table below provides a summary of the L2TP packet exchanges that are used in
the establishment and control of an L2TP tunnel.
| Message Type | Description |
|---|---|
| Start-Control-Connection-Request (SCCRQ) | Sent by the L2TP client to establish the control connection. Each L2TP tunnel requires a control connection to be established before any other L2TP messages can be issued. It includes an Assigned Tunnel-ID that is used to identify the tunnel. |
| Start-Control-Connection-Reply (SCCRP) | Sent by the L2TP server to reply to the Start-Control-Connection-Request message. |
| Start-Control-Connection-Connected (SCCCN) | Sent in reply to a Start-Control-Connection-Reply message to indicate that the tunnel establishment was successful. |
| Outgoing-Call-Request | Sent by the L2TP client to create an L2TP tunnel. Included in the Outgoing-Call-Request message is an Assigned Call ID that is used to identify a call within a specific tunnel. |
| Outgoing-Call-Reply | Sent by the L2TP server in response to the Outgoing-Call-Request message. |
| Start-Control-Connection-Connected | Sent in reply to a received Outgoing-Call-Reply message to indicate that the call was successful. |
| Hello | Sent by either the L2TP client or L2TP server as a keep-alive mechanism. If the Hello is not acknowledged, the L2TP tunnel is eventually terminated. |
| WAN-Error-Notify | Sent by the L2TP server to all VPN clients to indicate error conditions on the PPP interface of the L2TP server. |
| Set-Link-Info | Sent by the L2TP client or L2TP server to set PPP-negotiated options. |
| Call-Disconnect-Notify | Sent by either the L2TP server or L2TP client to indicate that a call within a tunnel is to be terminated. |
| Stop-Control-Connection-Notification | Sent by either the L2TP server or L2TP client to indicate that a tunnel is to be terminated. |
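The control messages in the table above can be identified in captured traffic by decoding the L2TP control header and the Message Type AVP. The following is an added example, not part of the original manual or of IP Office: it parses L2TPv2 control messages and checks that a tunnel was set up in the SCCRQ, SCCRP, SCCCN order. The header layout, AVP numbers and message abbreviations are taken from RFC 2661, and the function names and sample packets are constructed for illustration.

```python
import struct

# Message Type values and abbreviations as defined in RFC 2661 (not listed on the page).
MESSAGE_TYPES = {1: "SCCRQ", 2: "SCCRP", 3: "SCCCN", 4: "StopCCN", 6: "Hello",
                 7: "OCRQ", 8: "OCRP", 9: "OCCN", 14: "CDN", 15: "WEN", 16: "SLI"}

def parse_control(payload):
    """Decode one L2TPv2 control message (UDP port 1701 payload); no AVPs means a ZLB ack."""
    if len(payload) < 12:
        raise ValueError("shorter than the 12-byte control header")
    flags, length, tunnel_id, session_id, ns, nr = struct.unpack("!6H", payload[:12])
    if flags & 0xC80F != 0xC802:  # control messages set T, L, S and version 2
        raise ValueError("not an L2TPv2 control message")
    if not 12 <= length <= len(payload):
        raise ValueError("Length field disagrees with the captured data")
    msg = {"type": "ZLB" if length == 12 else None, "tunnel_id": tunnel_id,
           "session_id": session_id, "ns": ns, "nr": nr, "assigned_tunnel_id": None}
    off = 12
    while off < length:
        if off + 6 > length:
            raise ValueError("truncated AVP header")
        bits, vendor, attr = struct.unpack("!3H", payload[off:off + 6])
        avp_len, hidden = bits & 0x03FF, bool(bits & 0x4000)
        if avp_len < 6 or off + avp_len > length:
            raise ValueError("AVP length overruns the message")
        value = payload[off + 6:off + avp_len]
        if vendor == 0 and not hidden and len(value) == 2:
            (number,) = struct.unpack("!H", value)
            if attr == 0 and off == 12:  # Message Type AVP, must come first
                msg["type"] = MESSAGE_TYPES.get(number, "unknown(%d)" % number)
            elif attr == 9:  # Assigned Tunnel ID AVP
                msg["assigned_tunnel_id"] = number
        off += avp_len
    return msg

def handshake_ok(messages):
    """True when the typed messages start with SCCRQ, SCCRP, SCCCN in that order."""
    typed = [m["type"] for m in messages if m["type"] != "ZLB"]
    return typed[:3] == ["SCCRQ", "SCCRP", "SCCCN"]

def avp(attr, value):  # constructed-sample helper: mandatory, unhidden IETF AVP
    return struct.pack("!3H", 0x8000 | (6 + len(value)), 0, attr) + value
def control(tunnel_id, ns, nr, avps=b""):  # constructed-sample helper
    return struct.pack("!6H", 0xC802, 12 + len(avps), tunnel_id, 0, ns, nr) + avps

# Constructed packets (minimal AVP set, not a capture): tunnel setup plus a ZLB ack.
SAMPLE = [control(0, 0, 0, avp(0, b"\x00\x01") + avp(9, b"\x00\x2a")),
          control(42, 0, 1, avp(0, b"\x00\x02") + avp(9, b"\x00\x07")),
          control(7, 1, 1, avp(0, b"\x00\x03")),
          control(42, 1, 2)]
```

Each side addresses the peer by the Assigned Tunnel ID the peer sent, which is why the header tunnel ID is 0 in the first message and changes direction by direction afterwards.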
IP Office (R3.0)
General
40DHB0002UKER Issue 3 (4th February 2005)