Method used to configure the L2TP VPN on the USG6000

The L2TP application scenarios on the USG6000 are as follows:
1. NAS-Initiated VPN
A user accesses the LAC by means of PPPoE dialup, and a tunnel is established between the LAC and the LNS.
A user accesses the LAC by means of PPPoE dialup. The LAC sends a tunnel establishment request to the LNS through Internet. The LNS allocates an address to the user. The user is authenticated by the proxy on the LAC side or by both the LAC and the proxy on the LAC side. When all L2TP users are offline, the tunnel is automatically released to save resources. The tunnel is re-established when a user is accessed.
This networking is applicable to the following scenario: A branch office user initiates a request to connect to the HQ network, and generally, the branch office user does not frequently access the HQ network.

2. LAC autodial
A permanent L2TP session is established between the LAC and the LNS. A client can transmit data over the tunnel by means of an IP connection without PPP dialup.
The user can configure the trigger condition for establishing a permanent L2TP session between the LAC and the LNS. The LAC establishes a permanent L2TP tunnel with the LNS using the locally-stored user name. The L2TP tunnel serves as a physical connection. In this way, the connection between the user and the LAC is based on the IP connection instead of the PPP connection. The LAC can forward IP packets of the user to the LNS.

3. Client-Initiated VPN
A client that supports L2TP dialup can directly initiate a tunnel establishment request to the LNS bypassing the LAC.
The user can directly initiate the connection. Therefore, the user can directly initiate a tunnel establishment request to the LNS bypassing the LAC. The LNS allocates an address to the user.
Since the LNS needs to establish a tunnel for each remote user, the LNS configuration is relative complex compared with that in the NAS-Initiated VPN scenario. However, the user access is not subject to geographical restrictions.
This scenario is applicable to the mobile office. For example, an employee on a business trip can access the HQ server using PCs or mobile phones.

Scroll to top