HP-UX AAA Server A.06.01 Administrator's Guide: HP-UX 11.0, 11i v1, 11i v2 > Chapter 1 Overview: The HP-UX AAA Server

VPN Tunneling


Tunneling involves access to a server that provides secure intranet or other network functionality through a dial-up or Internet connection from a client workstation. This process can be categorized as one of two types: voluntary or compulsory. Some applications, such as secure access to corporate intranets through the Internet, are characterized by voluntary tunneling, where users create the tunnel through client software at their workstation. These tunnels are created independently of the AAA server.

Compulsory VPN tunnels are established by returning tunneling attributes to the access device. The HP-UX AAA Server supports tagged attributes that can be used to specify tunneling alternatives, in the event that the access device cannot establish the preferred tunnel configuration.

NOTE: How you configure the server to handle hints in the Access-Request may also affect how, or whether, the tunnel is established.

Establishing a Tunnel for a User

  • If the user profile is stored in a AAA server flat users file (grouped by realm or the default file), select the Free tab from the User Attributes screen and then add the tunneling attributes that will define the tunnel.

  • If the user profile is stored in an LDAP LDIF file, add the attributes to the profile, following the aaaReply: Tunneling-Attribute = Value syntax.

  • If you want to specify alternative tunnels, use tagged attributes with the Tunneling-Attribute =:Tag-no:Value syntax. Tag every attribute in the set that establishes one of the possible tunnels with the same Tag-no. The Tunnel-Preference attribute specifies the order in which the access device should consider the tunnel alternatives. In the following example, the access device establishes a tunnel from the attributes tagged with 1, because that group has Tunnel-Preference set to “first”; if the access device cannot establish the tunnel with those attributes, it uses the alternative tagged with 2 (Tunnel-Preference of “second”).

Tunnel-Type =:1:PPTP,
Tunnel-Medium-Type =:1:IPv4,
Tunnel-Client-Endpoint =:1:192.168.127.1,
Tunnel-Server-Endpoint =:1:192.155.111.1,
Tunnel-Password =:1:Michigan,
Tunnel-Private-Group-ID =:1:engineering,
Tunnel-Assignment-ID =:1:management,
Tunnel-Preference =:1:first,
Tunnel-Client-Auth-ID =:1:NET,
Tunnel-Server-Auth-ID =:1:Michigan,
Tunnel-Type =:2:L2TP,
Tunnel-Medium-Type =:2:IPv4,
Tunnel-Client-Endpoint =:2:192.168.127.1,
Tunnel-Server-Endpoint =:2:192.170.130.1,
Tunnel-Password =:2:California,
Tunnel-Private-Group-ID =:2:engineering,
Tunnel-Assignment-ID =:2:management,
Tunnel-Preference =:2:second,
Tunnel-Client-Auth-ID =:2:NET,
Tunnel-Server-Auth-ID =:2:California
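
An added example, not part of HP's guide: a small Python lint for the tagged Tunneling-Attribute =:Tag-no:Value syntax above. It groups attributes by tag, orders the tags by Tunnel-Preference, and reports incomplete groups, a reused preference, and a Tunnel-Password identical to the Tunnel-Server-Auth-ID. The function names, the required-attribute set and the sample values are assumptions made for illustration.

```python
import re

# Constructed sample in the page's tagged syntax (made-up addresses and secrets).
SAMPLE = """\
Tunnel-Type =:1:PPTP,
Tunnel-Medium-Type =:1:IPv4,
Tunnel-Server-Endpoint =:1:192.0.2.10,
Tunnel-Password =:1:siteA,
Tunnel-Server-Auth-ID =:1:siteA,
Tunnel-Preference =:1:first,
Tunnel-Type =:2:L2TP,
Tunnel-Server-Endpoint =:2:192.0.2.20,
Tunnel-Password =:2:example-secret,
Tunnel-Server-Auth-ID =:2:siteB,
Tunnel-Preference =:2:first
"""

LINE = re.compile(r"^\s*([A-Za-z][\w-]*)\s*=\s*:(\d+):(.*?),?\s*$")
PREFERENCE = {"first": 1, "second": 2}   # only the words the page shows
# Assumption: the minimum attribute set this lint expects per tag group.
REQUIRED = ("Tunnel-Type", "Tunnel-Medium-Type",
            "Tunnel-Server-Endpoint", "Tunnel-Preference")

def parse_tagged(text):
    """Group 'Attribute =:Tag-no:Value' lines into {tag: {attribute: value}}."""
    groups = {}
    for raw in text.splitlines():
        m = LINE.match(raw)
        if m:
            groups.setdefault(int(m.group(2)), {})[m.group(1)] = m.group(3)
    return groups

def lint(groups):
    """Return (tags in preference order, findings) for parsed tag groups."""
    findings, rank = [], {}
    for tag, attrs in sorted(groups.items()):
        findings += [f"tag {tag}: missing {n}" for n in REQUIRED if n not in attrs]
        word = attrs.get("Tunnel-Preference", "")
        pref = PREFERENCE.get(word.lower())
        if word and pref is None:
            findings.append(f"tag {tag}: unrecognised Tunnel-Preference {word!r}")
        elif pref in rank.values():
            findings.append(f"tag {tag}: Tunnel-Preference {word!r} already used")
        elif pref is not None:
            rank[tag] = pref
        secret = attrs.get("Tunnel-Password")
        if secret and secret == attrs.get("Tunnel-Server-Auth-ID"):
            findings.append(f"tag {tag}: Tunnel-Password equals Tunnel-Server-Auth-ID")
    return sorted(rank, key=rank.get), findings
```

Running lint(parse_tagged(profile_text)) on a profile before loading it shows which tag group the access device would try first and which alternatives are incomplete.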
© 2001-2004 Hewlett-Packard Development Company, L.P.