Configuring the L2TP tunnel

With LANconfig, you configure L2TP under Communication > Remote sites.





The tunnel configuration for the control data of an L2TP tunnel to a tunnel endpoint is located under L2TP endpoints.





  • Name: Name of the tunnel endpoint
  • IP address: IP address of the tunnel endpoint (IPv4, IPv6, FQDN)
  • Routing tag: The routing tag of the route to the tunnel endpoint
  • Port: UDP port
  • Polling interval: Polling interval in seconds
  • Host name: Name used by the device to authenticate at the tunnel endpoint
  • Password: Password used by the device to authenticate at the tunnel endpoint
  • Authenticate remote end: Enable this option if the two tunnel endpoints (LAC and LNS) are required to authenticate one another before establishing a tunnel. In this case, the remote end is configured with this device's tunnel endpoint name and password as its tunnel endpoint, and the option Authenticate remote end is likewise enabled there.
  • Obfuscate tunnel negotiation: Enable this option if the tunnel negotiations between the LAC and the LNS are to be encrypted. The two L2TP partners then encrypt and decrypt certain AVPs (attribute value pairs) of the L2TP messages with the help of a common preshared secret.
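Added example, not LANCOM code: the AVP hiding scheme of RFC 2661 section 4.3 in Python, on the assumption that Obfuscate tunnel negotiation uses this standard L2TP mechanism. It shows that the protection is an XOR with an MD5 keystream derived from the preshared secret and the Random Vector AVP; the function names and sample values are constructed for illustration.

```python
import hashlib
import os
import struct

ATTR_CHALLENGE_RESPONSE = 13  # attribute number from RFC 2661; 16-octet value


def _xor_stream(attr_type, secret, random_vector, data, data_is_plaintext):
    """XOR data with the chained MD5 keystream of RFC 2661 section 4.3."""
    # First block key: MD5(attribute number || shared secret || Random Vector)
    key = hashlib.md5(struct.pack("!H", attr_type) + secret + random_vector).digest()
    out = bytearray()
    for i in range(0, len(data), 16):
        chunk = data[i:i + 16]
        xored = bytes(a ^ b for a, b in zip(chunk, key))
        out += xored
        # Next block key: MD5(shared secret || previous *hidden* block)
        hidden_block = xored if data_is_plaintext else chunk
        key = hashlib.md5(secret + hidden_block).digest()
    return bytes(out)


def hide_avp(attr_type, secret, random_vector, value, pad_len=0):
    """Return the hidden Attribute Value for a plaintext AVP value."""
    # Hidden AVP Subformat: 2-octet original length, value, optional padding
    subformat = struct.pack("!H", len(value)) + value + os.urandom(pad_len)
    return _xor_stream(attr_type, secret, random_vector, subformat, True)


def unhide_avp(attr_type, secret, random_vector, hidden):
    """Recover the original value; raise ValueError on an implausible length."""
    subformat = _xor_stream(attr_type, secret, random_vector, hidden, False)
    if len(subformat) < 2:
        raise ValueError("hidden AVP too short")
    (length,) = struct.unpack("!H", subformat[:2])
    if length > len(subformat) - 2:
        raise ValueError("length exceeds AVP: wrong secret or corrupt AVP")
    return subformat[2:2 + length]


if __name__ == "__main__":
    secret = b"constructed-preshared-secret"  # constructed sample value
    rv = os.urandom(16)                       # contents of the Random Vector AVP
    value = bytes(range(16))                  # constructed 16-octet value
    hidden = hide_avp(ATTR_CHALLENGE_RESPONSE, secret, rv, value, pad_len=6)
    print(hidden.hex())
    print(unhide_avp(ATTR_CHALLENGE_RESPONSE, secret, rv, hidden) == value)
```

The scheme hides individual AVPs in control messages only and provides no integrity protection.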

Under L2TP list, you link the L2TP remote sites to a previously configured tunnel endpoint.





An entry in this table is necessary only under the following conditions:

  • Remote site: Name of the L2TP remote device
  • L2TP endpoint: Name of the tunnel endpoint used by this remote site
  • Short hold time: Determines how long the L2TP tunnel endpoint keeps the tunnel open when inactive

In the case of incoming tunnel requests, a check is performed either by RADIUS or by means of an entry for the requesting host in the L2TP endpoints table. If the table contains an entry with the same IP address (or no IP address is specified for this entry), the device permits tunnel establishment to this host.

For additional protection, for example to enable encryption of the L2TP sessions via IPSec, the device can also check the routing tag of the remote site from which it received the data. You activate this check with the option L2TP source routing tag check enabled.

You have the option to configure up to 32 additional gateways per tunnel endpoint by clicking on Further remote endpoints.





Important: Ensure that all additionally specified L2TP endpoints are configured identically to the referenced tunnel endpoint.

  • Remote site: Name of the tunnel endpoint, as configured in the table of L2TP endpoints.
  • Begin with L2TP endpoint: Option for selecting the next gateway. The following options are available:
      • Last used: Select the last successful address
      • First: Select the first gateway in the list
      • Random: Random selection from the gateways in the list

On the following tabs you configure the names and the respective routing tags of the alternative gateways.