Configuring Single-Shot L2TP/IPsec Tunnels

You can use the single-shot-tunnel command to configure a single-shot L2TP tunnel secured with IPsec.

To configure a single-shot L2TP/IPsec tunnel:

  1. Create an L2TP destination profile, which defines the location of the LAC. The l2tp destination profile command accesses L2TP Destination Profile Configuration mode. For more information about creating the L2TP destination profile, see Creating an L2TP Destination Profile.
    host1(config)#l2tp destination profile boston4 ip address 0.0.0.0 host1(config-l2tp-dest-profile)#
  2. Create an L2TP host profile, which defines the attributes that the router, acting as the LNS, uses when communicating with the LAC. The remote host command accesses L2TP Destination Profile Host Configuration mode.
    host1(config-l2tp-dest-profile)#remote host default host1(config-l2tp-dest-profile-host)#
  3. Specify that, for L2TP tunnels associated with this host profile, the router accept only tunnels protected by IPsec. For more information about enabling IPsec transport mode, see Enabling IPsec Transport Mode.
    host1(config-l2tp-dest-profile-host)#enable ipsec-transport
  4. Specify that the L2TP tunnels associated with this host profile are single-shot tunnels.
    host1(config-l2tp-dest-profile-host)#single-shot-tunnel
  5. (Optional) Configure other attributes for the L2TP host profile.
  6. (Optional) Use the show l2tp destination profile command to verify the configuration of the single-shot tunnel for a particular L2TP host profile. For information about how to use this command, see Monitoring Configured L2TP Destination Profiles or Host Profiles.

For information about the other commands you can use to configure L2TP destination profiles and L2TP host profiles, see LNS Configuration Prerequisites in the JunosE Broadband Access Configuration Guide.

Related Documentation