Enabling IPSec Support for L2TP

To configure an L2TP destination profile:

1. Create a destination profile that defines the location of the LAC, and access L2TP Destination Profile Configuration mode.

   host1(config)#l2tp destination profile boston4 ip address 0.0.0.0

   host1(config-l2tp-dest-profile)#

2. Define the L2TP host profile, and enter L2TP Destination Profile Host Configuration mode.

   host1(config-l2tp-dest-profile)#remote host default

   host1(config-l2tp-dest-profile-host)#

3. Specify that for L2TP tunnels associated with this destination profile, the router accept only tunnels protected by IPSec.

   host1(config-l2tp-dest-profile-host)#enable ipsec-transport

4. (Optional) Assign a profile name for a remote host.

   host1(config-l2tp-dest-profile-host)#profile georgeProfile1

5. Specify the local IP address to be used in any packets sent to the LAC.

   host1(config-l2tp-dest-profile-host)#local ip address 10.0.0.1

For information about other L2TP destination profile commands, see LNS Configuration Prerequisites.

enable ipsec-transport

• Use to specify that the router accept only L2TP tunnels protected by an IPSec transport connection.
• Example

  host1(config-l2tp-dest-profile-host)#enable ipsec-transport

• Use the no version to disable IPSec transport mode.
• See enable ipsec-transport.

l2tp destination profile

• Use to create the destination profile that defines the location of the LAC and to access L2TP Destination Profile Configuration mode.
• If no virtual router is specified, the current virtual router context is used.
• If the destination address is 0.0.0.0, then any LAC that can be reached via the specified virtual router is allowed to access the LNS. If the destination address is nonzero, then it must be a host-specific IP address.
• The router supports up to 4,000 L2TP destination profiles.
• Example

  host1:boston(config)#l2tp destination profile boston ip address 10.10.76.12

  host1:boston(config-l2tp-dest-profile)#

• Use the no version to remove the L2TP destination profile and all of its host profiles.

  Note: If you remove a destination profile, all tunnels and sessions using that profile will be dropped.

• See l2tp destination profile.

Copyright © 2008, Juniper Networks, Inc. All rights reserved. Trademark Notice.