Microsoft VPN clients use L2TP over IPsec to establish VPN connections. The Threat Management Services (TMS) zl Module can act as an LNS for these endpoints, allowing the remote clients (LACs) to access the private network.
An L2TP over IPsec session is established in the following way:
- A remote endpoint and the TMS zl Module negotiate an IPsec SA using IKE and an IPsec proposal that specifies ESP. All of the L2TP traffic that follows is carried inside this SA; L2TP itself provides no encryption or integrity protection, so the VPN's confidentiality depends entirely on the IPsec SA being in place first.
- The two endpoints establish an L2TP tunnel:
  - The remote endpoint (LAC) sends an L2TP packet to the TMS zl Module (LNS) on UDP 1701.
  - The TMS zl Module sends a response, which specifies the port to which all future packets for this tunnel should be sent.
  - The remote endpoint sends a response packet to the port specified in the LNS's packet. The L2TP tunnel is now established.
- Either endpoint requests an L2TP session.
- The receiving endpoint responds to this request, and the L2TP session is established. More than one session can be established through a single L2TP tunnel.
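The tunnel and session exchange above, played out in a small script. This is an added example and not TMS zl Module or Microsoft client code: both peers run in one process on 127.0.0.1 with OS-chosen ports (the listener stands in for UDP 1701), the tunnel and session IDs are arbitrary, and no IPsec SA is negotiated, so the messages go out in the clear. It encodes real L2TPv2 control messages (RFC 2661 header and AVPs), and, as RFC 2661 allows, the LNS answers the first packet from a different port, which the LAC then uses for every later message in the tunnel.

```python
"""Minimal L2TPv2 control-connection exchange (RFC 2661) played over loopback UDP.

Added example, not code from the TMS zl Module or any Microsoft client. Both
peers run in this process on 127.0.0.1 with OS-chosen ports (a real LNS listens
on UDP 1701); no IPsec SA exists here, so everything is sent in the clear.
"""
import socket
import struct

CTRL_FLAGS = 0xC802  # T=1 (control), L=1 (length present), S=1 (Ns/Nr present), Ver=2
MSG_TYPES = {"SCCRQ": 1, "SCCRP": 2, "SCCCN": 3, "ICRQ": 10, "ICRP": 11, "ICCN": 12}
MSG_NAMES = {v: k for k, v in MSG_TYPES.items()}
AVP_MESSAGE_TYPE, AVP_ASSIGNED_TUNNEL_ID, AVP_ASSIGNED_SESSION_ID = 0, 9, 14


def avp(attr, value16, mandatory=True):
    """One unhidden IETF AVP carrying a 16-bit value (6-byte header + 2-byte value)."""
    flags_len = (0x8000 if mandatory else 0) | 8
    return struct.pack("!HHHH", flags_len, 0, attr, value16)


def build_control(msg_type, tunnel_id, session_id, ns, nr, extra=b""):
    """Control message: 12-byte header, Message Type AVP first, then any other AVPs."""
    avps = avp(AVP_MESSAGE_TYPE, MSG_TYPES[msg_type]) + extra
    return struct.pack("!HHHHHH", CTRL_FLAGS, 12 + len(avps), tunnel_id, session_id, ns, nr) + avps


def parse_control(pkt):
    """Decode a control message; refuse data messages, wrong versions and bad lengths."""
    flags, length, tid, sid, ns, nr = struct.unpack("!HHHHHH", pkt[:12])
    if not (flags & 0x8000) or (flags & 0x000F) != 2:
        raise ValueError("not an L2TPv2 control message")
    if length != len(pkt):
        raise ValueError("length field disagrees with datagram size")
    avps, off = {}, 12
    while off < length:
        fl, _vendor, attr = struct.unpack("!HHH", pkt[off:off + 6])
        alen = fl & 0x03FF
        if alen < 6 or off + alen > length:
            raise ValueError("malformed AVP")
        avps[attr] = pkt[off + 6:off + alen]
        off += alen
    (mtype,) = struct.unpack("!H", avps[AVP_MESSAGE_TYPE])
    return {"type": MSG_NAMES.get(mtype, mtype), "tunnel_id": tid, "session_id": sid,
            "ns": ns, "nr": nr, "avps": avps}


def u16(raw):
    return struct.unpack("!H", raw)[0]


def run_exchange():
    """Play LAC and LNS: tunnel setup (3 messages) then one session (3 messages).

    Returns the two LNS ports and a trace of (direction, message, destination port)
    so the port switch after SCCRQ is visible. IDs 7/42/5/9 are arbitrary."""
    lns_listen = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)  # stands in for UDP 1701
    lns_tunnel = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)  # port the tunnel moves to
    lac = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    for s in (lns_listen, lns_tunnel, lac):
        s.bind(("127.0.0.1", 0))
        s.settimeout(2)
    listen_port = lns_listen.getsockname()[1]
    tunnel_port = lns_tunnel.getsockname()[1]
    lac_tid, lns_tid, lac_sid, lns_sid = 7, 42, 5, 9
    trace = []

    def lac_send(msg, dst):
        lac.sendto(msg, dst)
        trace.append(("LAC->LNS", parse_control(msg)["type"], dst[1]))

    def lns_send(msg, dst):
        lns_tunnel.sendto(msg, dst)
        trace.append(("LNS->LAC", parse_control(msg)["type"], dst[1]))

    # Tunnel: SCCRQ to the well-known port; SCCRP comes back from a different port;
    # the LAC takes the source of that reply as the tunnel port for SCCCN and everything after.
    lac_send(build_control("SCCRQ", 0, 0, 0, 0, avp(AVP_ASSIGNED_TUNNEL_ID, lac_tid)),
             ("127.0.0.1", listen_port))
    pkt, lac_addr = lns_listen.recvfrom(1500)
    peer_tid = u16(parse_control(pkt)["avps"][AVP_ASSIGNED_TUNNEL_ID])
    lns_send(build_control("SCCRP", peer_tid, 0, 0, 1, avp(AVP_ASSIGNED_TUNNEL_ID, lns_tid)), lac_addr)
    pkt, lns_addr = lac.recvfrom(1500)
    remote_tid = u16(parse_control(pkt)["avps"][AVP_ASSIGNED_TUNNEL_ID])
    lac_send(build_control("SCCCN", remote_tid, 0, 1, 1), lns_addr)
    parse_control(lns_tunnel.recvfrom(1500)[0])

    # Session inside the tunnel: ICRQ / ICRP / ICCN, all on the tunnel port.
    lac_send(build_control("ICRQ", remote_tid, 0, 2, 1, avp(AVP_ASSIGNED_SESSION_ID, lac_sid)), lns_addr)
    pkt, _ = lns_tunnel.recvfrom(1500)
    peer_sid = u16(parse_control(pkt)["avps"][AVP_ASSIGNED_SESSION_ID])
    lns_send(build_control("ICRP", peer_tid, peer_sid, 1, 3, avp(AVP_ASSIGNED_SESSION_ID, lns_sid)), lac_addr)
    pkt, _ = lac.recvfrom(1500)
    remote_sid = u16(parse_control(pkt)["avps"][AVP_ASSIGNED_SESSION_ID])
    lac_send(build_control("ICCN", remote_tid, remote_sid, 3, 2), lns_addr)
    parse_control(lns_tunnel.recvfrom(1500)[0])

    for s in (lns_listen, lns_tunnel, lac):
        s.close()
    return {"listen_port": listen_port, "tunnel_port": tunnel_port, "trace": trace}


if __name__ == "__main__":
    result = run_exchange()
    for direction, msg, port in result["trace"]:
        print(f"{direction} {msg:6} -> udp/{port}")
```

Running the script prints the six control messages in order and shows that only the first one is addressed to the listening port; from SCCCN onward the LAC talks to the port the LNS replied from. The same parser rejects anything that is not a version 2 control message or whose length field disagrees with the datagram, which is the minimum a firewall or IDS doing L2TP inspection should also check before trusting the AVPs.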