About L2TP Remote Access

Microsoft VPN clients use L2TP (Layer 2 Tunneling Protocol) over IPsec to establish VPN connections. The Threat Management Services (TMS) zl Module can act as an LNS (L2TP Network Server) for these endpoints, giving the remote clients (LACs, L2TP Access Concentrators) access to the private network.

An L2TP over IPsec session is established in the following way:

  1. A remote endpoint and the TMS zl Module negotiate an IPsec SA (Security Association) using IKE and an IPsec proposal that specifies ESP (Encapsulating Security Protocol).

  2. The two endpoints establish an L2TP tunnel:

     1. The remote endpoint (LAC) sends an L2TP packet to the TMS zl Module (LNS) on UDP 1701.

     2. The TMS zl Module sends a response, which specifies the port to which all future packets should be sent.

     3. The remote endpoint sends a response packet to the port that is specified in the LNS's packet. The L2TP tunnel is now established.

  3. Either endpoint requests an L2TP session.

  4. The receiving endpoint responds to this request, and the L2TP session is established. More than one session can be established through a single L2TP tunnel.
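
The tunnel and session exchange in the steps above, as an added example (not code from the original page or from the TMS zl Module): a Python parser for the L2TPv2 control header and its Message Type AVP, run over a constructed packet sequence. The message names and header layout are taken from RFC 2661, which the page does not cite; `build_control`, `trace` and all tunnel IDs, session IDs and sequence numbers are constructed for illustration.

```python
import struct

# Control message types from RFC 2661 (the page does not name them).
MSG_TYPES = {1: "SCCRQ", 2: "SCCRP", 3: "SCCCN", 4: "StopCCN", 6: "HELLO",
             10: "ICRQ", 11: "ICRP", 12: "ICCN", 14: "CDN"}

def parse_control(payload: bytes) -> dict:
    """Parse an L2TPv2 control header and its leading Message Type AVP."""
    if len(payload) < 12:
        raise ValueError("too short for an L2TP control header")
    flags, length, tunnel_id, session_id, ns, nr = struct.unpack_from("!6H", payload)
    # Control messages must set the T, L and S bits and carry version 2.
    if (flags & 0xC800) != 0xC800 or (flags & 0x000F) != 2:
        raise ValueError("not an L2TPv2 control message")
    if not 12 <= length <= len(payload):
        raise ValueError("length field inconsistent with payload size")
    msg = "ZLB"  # zero-length body: a bare acknowledgement
    if length > 12:
        if length < 20:
            raise ValueError("truncated Message Type AVP")
        avp_hdr, vendor, attr, mtype = struct.unpack_from("!4H", payload, 12)
        if (avp_hdr & 0x03FF) != 8 or vendor != 0 or attr != 0:
            raise ValueError("first AVP is not Message Type")
        msg = MSG_TYPES.get(mtype, f"type-{mtype}")
    return {"tunnel_id": tunnel_id, "session_id": session_id,
            "ns": ns, "nr": nr, "msg": msg}

def build_control(tunnel_id, session_id, ns, nr, mtype) -> bytes:
    """Build a constructed sample: header plus the Message Type AVP only."""
    return struct.pack("!10H", 0xC802, 20, tunnel_id, session_id, ns, nr,
                       0x8008, 0, 0, mtype)

def trace(packets):
    """Return (direction, message, tunnel_id, session_id) per packet."""
    parsed = [(d, parse_control(p)) for d, p in packets]
    return [(d, m["msg"], m["tunnel_id"], m["session_id"]) for d, m in parsed]

# Constructed exchange; the header carries the ID assigned by the receiver.
SAMPLE = [
    ("LAC->LNS", build_control(0, 0, 0, 0, 1)),   # tunnel request to UDP 1701
    ("LNS->LAC", build_control(7, 0, 0, 1, 2)),   # LNS response
    ("LAC->LNS", build_control(9, 0, 1, 1, 3)),   # tunnel established
    ("LAC->LNS", build_control(9, 0, 2, 1, 10)),  # session request
    ("LNS->LAC", build_control(7, 4, 1, 3, 11)),  # session response
]

if __name__ == "__main__":
    for row in trace(SAMPLE):
        print(*row)
```

Because the L2TP traffic is carried inside the ESP-protected SA negotiated in step 1, the parser applies to decrypted payloads, such as a capture taken on the LNS after IPsec processing.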