101 question - L2TP and L2TP over IPSec


Post by Raymond N » Thu, 29 Nov 2001 07:38:32



Hi there,

Would someone give me a brief explanation or point me to some good web
articles about what L2TP is, and why there is such a thing called "L2TP over
IPSec"?  Thanks.

-raymond

 
 
 

1. VPN over L2TP patchy connectivity while L2TP Traffic without VPN is fine.

We set up an L2 Tunnel between two ADSL users.

At first nothing worked until we discovered the overhead of the L2 Tunnel
(40 bytes) and adjusted MTUs to compensate and all seemed good.

Then we added a VPN between these 2 users and things started to break again.

i.e. Ping works down the VPN and various other things, but terminal services
and Outlook trying to collect mail from the other end point do not.

It seems that the VPN again plays havoc with the MTU or packet
fragmentation.

Config below fixed the initial issues.

username NET-TEST-L2TP password 7 08
username NET-TEST2-L2TP password 7 04

vpdn enable
vpdn multihop
vpdn search-order domain

!
vpdn-group NET-TEST-L2TP
 accept-dialin
  protocol l2tp
  virtual-template 1
 terminate-from hostname NET-TEST-L2TP
 source-ip 82.151.255.5
 local name NET-TEST-L2TP
 lcp renegotiation always
 l2tp tunnel password 7 151

 ! Added these 2 lines to fix initial issues.
 ip pmtu
 ip mtu adjust
!
vpdn-group NET-TEST2-L2TP
 accept-dialin
  protocol l2tp
  virtual-template 2
 terminate-from hostname NET-TEST2-L2TP
 source-ip x.x.x.x
 local name NET-TEST2-L2TP
 lcp renegotiation always
 l2tp tunnel password 7 01

 ! Added these 2 lines to fix initial issues.
 ip pmtu
 ip mtu adjust

interface Virtual-Template1
 ip unnumbered Loopback0
 no ip redirects
 no ip proxy-arp

 ! Added this line as part of the fix
 ip tcp adjust-mss 1400
 ip policy route-map clear-df
 no logging event link-status
 peer default ip address pool SPPOOL
 keepalive 60
 ppp authentication chap
 ppp multilink
 ppp multilink fragment disable
!
interface Virtual-Template2
 ip unnumbered Loopback0
 no ip redirects
 no ip proxy-arp

 ! Added this line as part of the fix
 ip tcp adjust-mss 1400
 ip policy route-map clear-df
 no logging event link-status
 peer default ip address pool SPPOOL
 keepalive 60
 ppp authentication chap
 ppp multilink
 ppp multilink fragment disable

! Added this line as part of the fix
access-list 111 permit tcp any any
!
route-map clear-df permit 10
 match ip address 111
 set ip df 0

VPNs have the same types of issues as normal traffic prior to the added
lines above.

How do I get the VPN to compensate or am I way off???

Help please.
Gary
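
An added example, not part of Gary's post or of any reply: the byte budget behind the symptom described above, where small pings pass but full-size TCP segments do not. It assumes (none of this is stated in the thread) that the VPN is IPsec ESP in tunnel mode carried inside the L2TP session, a 1500-byte link MTU, and a CBC cipher with a 12-byte ICV; the 40-byte L2TP overhead is the figure from the post.

```python
# Added example, not from the thread. All sizes are bytes.
# Assumed: IPsec ESP tunnel mode inside the L2TP session, 1500-byte link MTU.
IP_HDR, TCP_HDR = 20, 20
L2TP_OVERHEAD = 40            # tunnel overhead quoted in the post
ESP_HDR, ESP_TRAILER = 8, 2   # SPI + sequence number; pad-length + next-header


def esp_packet_size(inner_len, block=16, iv=16, icv=12, nat_t=False):
    """Outer IP packet size after ESP tunnel mode wraps an inner IP packet."""
    # Ciphertext = inner packet + padding + 2-byte trailer, in whole blocks.
    ciphertext = -(-(inner_len + ESP_TRAILER) // block) * block
    udp = 8 if nat_t else 0   # UDP encapsulation header when NAT traversal is used
    return IP_HDR + udp + ESP_HDR + iv + ciphertext + icv


def max_inner_packet(outer_mtu, block=16, iv=16, icv=12, nat_t=False):
    """Largest inner IP packet whose ESP packet still fits in outer_mtu."""
    udp = 8 if nat_t else 0
    room = outer_mtu - IP_HDR - udp - ESP_HDR - iv - icv
    return (room // block) * block - ESP_TRAILER


def mss_budget(link_mtu=1500, **esp):
    """Return (L2TP session MTU, max inner packet, max inner TCP MSS)."""
    session_mtu = link_mtu - L2TP_OVERHEAD
    inner = max_inner_packet(session_mtu, **esp)
    return session_mtu, inner, inner - IP_HDR - TCP_HDR


def fits(mss, link_mtu=1500, **esp):
    """True if a full segment with this MSS crosses the L2TP session unfragmented."""
    inner_len = mss + IP_HDR + TCP_HDR
    return esp_packet_size(inner_len, **esp) <= link_mtu - L2TP_OVERHEAD


if __name__ == "__main__":
    print("16-byte block cipher:", mss_budget())
    print("8-byte block cipher: ", mss_budget(block=8, iv=8))
    for mss in (1460, 1400, 1350):
        size = esp_packet_size(mss + IP_HDR + TCP_HDR)
        print(f"inner MSS {mss}: ESP packet {size} bytes, fits={fits(mss)}")
```

Under these assumptions the router's `ip tcp adjust-mss 1400` and the TCP-only `clear-df` route-map never act on the inner connections, because their segments cross the virtual template as ESP rather than TCP. A 1400-byte inner MSS still yields a 1512-byte ESP packet against a 1460-byte session MTU, so the inner MSS has to be held to 1350 or less at the VPN endpoints.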
