Enabling L2TP for VPNs

If multiple enterprises share the same LNS device and use the same name for the tunnel peers (LAC devices), the LNS device cannot tell which users belong to which enterprise. The L2TP for VPNs function solves this problem. With this function, an LNS can differentiate multiple VPN domains and serve users of different enterprises simultaneously.

In an L2TP VPN application, specify the domain to which VPN users belong by using the domain keyword in the allow l2tp virtual-template command. After an L2TP tunnel is established, the LNS obtains the domain name from the session negotiation packet and searches for the same domain among those locally configured for VPN users. If an L2TP group's tunnel peer name and domain name match, the LNS establishes a session according to the group configuration. Thus, different sessions can be established for VPN users of different domains.

If multiple L2TP groups on the LNS are configured with the same remote tunnel name, make sure that their tunnel authentication settings are the same. Mismatched tunnel authentication keys result in tunnel establishment failure.
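The matching rule and the authentication caveat above can be checked offline against a saved LNS configuration. The following is an added example, not code from the original page or the vendor: the sample configuration, peer names, domains and keys are constructed, and the `remote` keyword and `tunnel authentication` / `tunnel password simple` lines are assumed forms of the group configuration.

```python
import re
from collections import defaultdict

# Constructed LNS configuration for illustration; names and keys are made up.
SAMPLE_CONFIG = """\
l2tp-group 1
 allow l2tp virtual-template 1 remote LAC domain aaa.net
 tunnel authentication
 tunnel password simple key-one
l2tp-group 2
 allow l2tp virtual-template 2 remote LAC domain bbb.net
 tunnel authentication
 tunnel password simple key-two
l2tp-group 3
 allow l2tp virtual-template 3 remote LAC-B domain ccc.net
 tunnel authentication
 tunnel password simple key-three
"""
ALLOW_RE = re.compile(r"allow l2tp virtual-template \d+ remote (\S+)(?: domain (\S+))?")

def parse_groups(text):
    """Return one dict per l2tp-group block with its peer name, domain and auth lines."""
    groups = []
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("l2tp-group "):
            groups.append({"id": line.split()[1], "remote": None, "domain": None,
                           "auth": False, "key": None})
        elif not groups:
            continue  # ignore anything before the first group
        elif m := ALLOW_RE.fullmatch(line):
            groups[-1]["remote"], groups[-1]["domain"] = m.groups()
        elif line == "tunnel authentication":
            groups[-1]["auth"] = True  # records the explicit line only, not device defaults
        elif line.startswith("tunnel password "):
            groups[-1]["key"] = line.split()[-1]
    return groups

def find_auth_conflicts(groups):
    """Map each shared tunnel peer name to the group ids whose auth settings differ."""
    by_remote = defaultdict(list)
    for g in groups:
        by_remote[g["remote"]].append(g)
    return {r: [g["id"] for g in gs] for r, gs in by_remote.items()
            if len({(g["auth"], g["key"]) for g in gs}) > 1}

def select_group(groups, remote, domain):
    """Mirror the LNS lookup: tunnel peer name and domain must both match a group."""
    return next((g["id"] for g in groups
                 if g["remote"] == remote and g["domain"] == domain), None)
```

With the constructed sample, groups 1 and 2 share the peer name `LAC` but carry different keys, so `find_auth_conflicts` reports them as a pair that would fail tunnel establishment.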

To enable L2TP for VPNs:

| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |
| 2. Enable L2TP for VPNs. | l2tpmoreexam enable | Disabled by default. |