3.
Create a VPN connection to the router.
4.
Log the client in to the E Series router.
Configuration Tasks for E Series Routers
The main configuration tasks for setting up L2TP/IPSec are:
1.
Set up IP connectivity to L2TP clients; for example, PPPoE, DHCP, or static IP.
2.
Set up digital certificates on the router, or configure preshared keys for IKE
authentication.
■
To set up digital certificates, see “Configuring Digital Certificates” on page 213.
■
To set up preshared keys, see “Configuring IPSec Parameters” on page 146
in “Configuring IPSec” on page 125.
3.
Create IPSec policies. See “Defining an IKE Policy” on page 156 in “Configuring
IPSec” on page 125.
4.
Configure RADIUS authentication and accounting. See
JUNOSe Broadband Access
Configuration Guide
.
5.
Configure L2TP destination profiles. See the next section, “Enabling IPSec Support
for L2TP” on page 297.
6.
Configure NAT-T on the virtual router. See “Configuring NAT-T” on page 298.
7.
Configure single-shot L2TP/IPSec tunnels. See “Configuring Single-Shot Tunnels”
on page 299.
8.
Configure IPSec transport profiles. See “Configuring IPSec Transport Profiles”
on page 302.
Enabling IPSec Support for L2TP
To configure an L2TP destination profile:
1.
Create a destination profile that defines the location of the LAC, and access L2TP
Destination Profile Configuration mode.
host1(config)#
l2tp destination profile boston4 ip address
0.0.0.0
host1(config-l2tp-dest-profile)#
2.
Define the L2TP host profile, and enter L2TP Destination Profile Host
Configuration mode.
host1(config-l2tp-dest-profile)#
remote host default
host1(config-l2tp-dest-profile-host)#
3.
Specify that for L2TP tunnels associated with this destination profile, the router
accept only tunnels protected by IPSec.
host1(config-l2tp-dest-profile-host)#
enable ipsec-transport
4.
(Optional) Assign a profile name for a remote host.
L2TP/IPSec Tunnels
■
297
Chapter 12: Securing L2TP and IP Tunnels with IPSec
Содержание IP SERVICES - CONFIGURATION GUIDE V 11.1.X
Страница 6: ...vi...
Страница 8: ...viii JUNOSe 11 1 x IP Services Configuration Guide...
Страница 18: ...xviii Table of Contents JUNOSe 11 1 x IP Services Configuration Guide...
Страница 20: ...xx List of Figures JUNOSe 11 1 x IP Services Configuration Guide...
Страница 22: ...xxii List of Tables JUNOSe 11 1 x IP Services Configuration Guide...
Страница 28: ...2 Chapters JUNOSe 11 1 x IP Services Configuration Guide...
Страница 138: ...112 Monitoring J Flow Statistics JUNOSe 11 1 x IP Services Configuration Guide...
Страница 286: ...260 Monitoring IP Tunnels JUNOSe 11 1 x IP Services Configuration Guide...
Страница 312: ...286 Monitoring IP Reassembly JUNOSe 11 1 x IP Services Configuration Guide...
Страница 357: ...Part 2 Index Index on page 333 Index 331...
Страница 358: ...332 Index JUNOSe 11 1 x IP Services Configuration Guide...