Implementing IPSec for L2TP Applications
How IPSec is Used for PDSN Compulsory L2TP Configurations
The following figure and the text that follows describe how IPSec-encrypted PDSN compulsory L2TP sessions are
processed by the system.
Figure 14. PDSN Compulsory L2TP, IPSec-Encrypted Session Processing
[Figure labels: PDSN Service, LAC Service, AAA, AAA Cfg., Transform Set(s), ISAKMP Policy(ies), Crypto Map, R-P, Source Ctx., Destination Ctx., Local Ctx.; callouts 1 to 4.]
Table 12. PDSN Compulsory L2TP, IPSec-Encrypted Session Processing

Step  Description
1.    A subscriber session arrives at a PDSN service on the system that is configured to perform compulsory tunneling. The
      system uses the LAC service specified in the PDSN service's configuration.
2.    The LAC service dictates the peer LNS to use and specifies the following parameters, which indicate that IP security is
      also required:
        - Crypto map name
        - ISAKMP secret
3.    The system determines that the crypto map name supplied matches a configured crypto map.
Cisco ASR 5000 Series 3G Home NodeB Gateway Administration Guide
[Figure 14, remaining labels: IPSec Tunnel, PDN, LNS/Security Gateway, IP Security; callouts 5 to 8.]
OL-25069-03