
NAS-Initiated Scenario (Dial-Up Users Accessing the Enterprise Intranet)

This section describes the L2TP VPN networking and services in the NAS-initiated scenario.

As shown in Figure 1, employee users access the Internet through dialup. The Network Access Server (NAS) is deployed by the carrier to provide PPP/PPPoE access services for dialup users to access the Internet. The L2TP Network Server (LNS) is the egress gateway of the enterprise headquarters.

Before L2TP VPN was developed, dialup users who needed remote access to intranet resources at the headquarters used PPP to apply for an intranet address from the LNS. Because of the restrictions of PPP, however, PPP packets sent by dialup users are terminated at the NAS and cannot reach the LNS over the Internet. With L2TP VPN, the carrier cooperates with the enterprise to deploy an L2TP VPN tunnel between the NAS and the LNS. When packets from dialup users reach the NAS, the NAS encapsulates them into L2TP packets and transmits them through the L2TP VPN tunnel over the Internet. After receiving the L2TP packets, the LNS decapsulates them into PPP packets. In this way, PPP packets are transmitted over the Internet, and the requirement of mobile employees for remote working is fulfilled.

As the Internet developed, PPP access was replaced by PPPoE access. L2TP VPN also enables PPPoE dialup users to remotely access the enterprise headquarters. The NAS converts PPPoE packets into PPP packets and sends them over the established L2TP VPN tunnel.
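
The encapsulation path described above, as an added example that is not part of the original page: a PPPoE session frame is reduced to its PPP frame at the NAS, wrapped in an L2TP data message, then validated and unwrapped at the LNS. Header layouts follow RFC 2516 and RFC 2661; the function names, tunnel and session IDs, and the sample frame are constructed for illustration.

```python
import struct

PPPOE_SESSION = 0x8864            # EtherType of PPPoE session frames (RFC 2516)
L2TP_VER = 2                      # version nibble of the L2TP header (RFC 2661)
FLAG_T, FLAG_L = 0x8000, 0x4000   # T = control message, L = Length field present

def pppoe_to_ppp(eth_frame: bytes) -> bytes:
    """NAS: strip the Ethernet and PPPoE headers, return the PPP frame."""
    if len(eth_frame) < 20:       # 14-byte Ethernet + 6-byte PPPoE header
        raise ValueError("frame too short")
    ethertype, ver_type, code, _sid, length = struct.unpack_from("!HBBHH", eth_frame, 12)
    if ethertype != PPPOE_SESSION or ver_type != 0x11 or code != 0x00:
        raise ValueError("not a PPPoE session frame")
    ppp = eth_frame[20:20 + length]   # the length field excludes Ethernet padding
    if len(ppp) != length:
        raise ValueError("PPPoE length exceeds frame")
    return ppp

def l2tp_encap(ppp: bytes, tunnel_id: int, session_id: int) -> bytes:
    """NAS: wrap a PPP frame in an L2TP data message (sent as a UDP payload)."""
    flags = FLAG_L | L2TP_VER     # T bit clear = data message
    return struct.pack("!HHHH", flags, 8 + len(ppp), tunnel_id, session_id) + ppp

def l2tp_decap(msg: bytes, tunnel_id: int, session_id: int) -> bytes:
    """LNS: validate the header against the expected tunnel/session, return PPP."""
    if len(msg) < 8:
        raise ValueError("truncated L2TP header")
    flags, length, tid, sid = struct.unpack_from("!HHHH", msg)
    if flags != (FLAG_L | L2TP_VER):  # this sketch accepts only the form built above
        raise ValueError("unexpected L2TP flags or version")
    if not 8 <= length <= len(msg):
        raise ValueError("bad L2TP length")
    if (tid, sid) != (tunnel_id, session_id):
        raise ValueError("unknown tunnel or session")
    return msg[8:length]

def demo() -> bytes:
    # Constructed sample: PPPoE session 0x0007 carrying PPP protocol 0x0021 (IPv4).
    # HDLC address/control bytes are left out of the PPP frame (assumption).
    ppp = b"\x00\x21" + b"constructed-ip-packet"
    eth = bytes(12) + struct.pack("!HBBHH", PPPOE_SESSION, 0x11, 0x00, 0x0007, len(ppp)) + ppp
    eth = eth.ljust(60, b"\x00")      # pad to the Ethernet minimum frame size
    msg = l2tp_encap(pppoe_to_ppp(eth), tunnel_id=0x1001, session_id=0x0002)
    return l2tp_decap(msg, tunnel_id=0x1001, session_id=0x0002)

if __name__ == "__main__":
    print(demo())
```

The LNS-side function rejects messages whose flags, length, tunnel ID or session ID do not match what it expects, which is the minimum check before handing the inner PPP frame to the PPP stack.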

Figure 1 Dialup users access the enterprise intranet
Copyright © Huawei Technologies Co., Ltd.