3Com 3C8S5907 User Guide - Page 71

71 At the central site, follow these steps: 1 Configure the L2Tunnel service (see the Configuring L2Tunnel Connections chapter in Using Enterprise OS Software) to enable the PathBuilder switch as a tunnel terminator. 2 Configure the firewall device if present, or the PathBuilder switch, to allow tunnel traffic through (see the Building Internet Firewalls chapter in Using Enterprise OS Software). 3 Configure the RAS service to allow authentication of the user by a server, such as a RADIUS server (see the Configuring Remote Access Services chapter in Using Enterprise OS Software). 4 Enable PPP encryption to allow encryption keys to be used by MPPE (see the Configuring Wide Area Networking Using PPP chapter in Using Enterprise OS Software). Creating a VPN for a Remote Office You can create a VPN to connect a remote office PathBuilder switch to the central site through the ISP using tunneling protocols such as the point-to-point tunneling protocol (PPTP). Figure 20 shows a typical configuration. In this configuration, the tunnel is established between the remote office and the central site. The ISP provides access to the shared network but does not interact in the tunneling setup. Figure 20 Remote Office Tunnel Remote office !V1 !1 NERToBuutieldr er OCOFNFNIECCET LAN Send ISDN Link Active WAN Connect Fault System Run Load Line Active Fault Line Act LEirnreor Fault B1 B2 Test Status Alert Pwr Fwd OfficeConnect bridge/router PPTP or L2TP tunnel ISP Firewall or CSU/DSU (optional) Central site PathBuilder switch The connection process typically follows this order: s The remote office OfficeConnect NETBuilder bridge/router dials the ISP. s The ISP assigns an IP address to the remote office bridge/router.