L2TP tunnels

I'm trying to get some L2TP tunnels (only L2TP, no IPsec) up and running between

some clients running Windows XP and a central IOS router. The clients are getting

access through the internet using different means like ISDN, ADSL and even from

behind firewalls at other locations.

It will always be the clients who create the connection (still no IPsec, only L2TP).

I've created a test setup that looks like the following:

Windows XP ---- IOS NAT router with overload ---- internet ---- IOS router (L2TP) ---- internal network

This works just fine! But will I only be able to connect that single client,

or will other clients be able to connect as well?

If this does not do the trick, will PPTP do it then? Or should I use a

totally different approach?

Best Regards

Soren Knudsen


Re: L2TP tunnels

Not sure what you are asking exactly, but in general VPDN looks like this:


There are essentially (with the exception of performance due to the number of connections) no restrictions on the LAC or LNS regarding the number of tunnels, the number of sessions, the number of sessions per tunnel, or the number of clients. Again, there are maximum limits per platform, based mostly on performance, but they are certainly high enough not to matter right now.

Re: L2TP tunnels

The question must be how Cisco IOS handles L2TP and port numbers. So we're talking about NAT.

The RFC states that L2TP (where a client running an L2TP client is always acting as the LAC, so nothing weird about that) usually starts a session from UDP port 1701 to 1701. The source port can be changed, though.

The receiving L2TP peer (the LNS) then normally responds to the sender from 1701 to the sender's port. But the problem is that it does not have to be sent from 1701. If that is the case, then L2TP and NAT will not work.

If the LNS does not change the source port (away from 1701), then it will work across NATed environments, and fortunately most vendors do this. But what does Cisco IOS do?
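
The NAT failure mode described in the reply above, and the "can more than one client connect" question from the original post, as an added example that is not part of this thread: a small Python model of two L2TP clients (LACs) behind one port-overload NAT talking to an LNS. The client and LNS exchange is reduced to the first control message pair (SCCRQ out, SCCRP back); the addresses, the two-client topology, the port-preserving PAT and the two LNS behaviours (reply from 1701, or reply from a fresh port) are all constructed for the illustration and are not a description of any particular IOS release.

```python
"""Toy model of L2TP control-channel setup through a port-overload NAT.

Constructed example: two L2TP clients on 10.0.0.0/24 sit behind one PAT
router whose outside address is 203.0.113.1; the LNS is 198.51.100.10.
Addresses and payload strings are made up for the illustration.
"""
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

L2TP_PORT = 1701


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    payload: str  # stands in for the L2TP control message, e.g. "SCCRQ"


class PatRouter:
    """NAT overload: many inside hosts share one outside address.

    An outbound UDP packet creates a translation keyed on the whole flow
    (inside ip:port, outside port, remote ip:port). An inbound packet is
    translated back only if it matches an existing flow; anything else is
    dropped, which is exactly what a source-port change by the LNS hits.
    """

    def __init__(self, outside_ip: str, ephemeral_start: int = 1024) -> None:
        self.outside_ip = outside_ip
        self._next_ephemeral = ephemeral_start
        # (inside_ip, inside_port, remote_ip, remote_port) -> outside_port
        self._out: Dict[Tuple[str, int, str, int], int] = {}
        # (outside_port, remote_ip, remote_port) -> (inside_ip, inside_port)
        self._in: Dict[Tuple[int, str, int], Tuple[str, int]] = {}

    def _allocate_port(self, wanted: int) -> int:
        # Assumption of this model: keep the inside port if no flow owns it
        # yet outside (first client keeps 1701), else take an ephemeral port.
        in_use = {port for (port, _, _) in self._in}
        if wanted not in in_use:
            return wanted
        while self._next_ephemeral in in_use:
            self._next_ephemeral += 1
        port = self._next_ephemeral
        self._next_ephemeral += 1
        return port

    def outbound(self, pkt: Packet) -> Packet:
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        if key not in self._out:
            port = self._allocate_port(pkt.src_port)
            self._out[key] = port
            self._in[(port, pkt.dst_ip, pkt.dst_port)] = (pkt.src_ip, pkt.src_port)
        return Packet(self.outside_ip, self._out[key], pkt.dst_ip, pkt.dst_port, pkt.payload)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        inside = self._in.get((pkt.dst_port, pkt.src_ip, pkt.src_port))
        if inside is None:
            return None  # no matching translation: the NAT drops it
        inside_ip, inside_port = inside
        return Packet(pkt.src_ip, pkt.src_port, inside_ip, inside_port, pkt.payload)


class Lns:
    """The L2TP server. reply_from_1701 selects the behaviour under discussion."""

    def __init__(self, ip: str, reply_from_1701: bool) -> None:
        self.ip = ip
        self.reply_from_1701 = reply_from_1701
        self._next_port = 40000  # hypothetical ephemeral range for the bad case

    def handle(self, pkt: Packet) -> Packet:
        if self.reply_from_1701:
            src_port = L2TP_PORT
        else:
            src_port = self._next_port  # new source port per tunnel
            self._next_port += 1
        # The reply goes back to whatever ip:port the request arrived from.
        return Packet(self.ip, src_port, pkt.src_ip, pkt.src_port, "SCCRP")


def run_tunnel_setup(lns_replies_from_1701: bool,
                     clients: Tuple[str, ...] = ("10.0.0.2", "10.0.0.3")
                     ) -> Dict[str, Tuple[int, bool]]:
    """Each client sends SCCRQ from 1701 to 1701 through the PAT. Returns,
    per client, the outside port the PAT chose and whether the SCCRP came back."""
    nat = PatRouter("203.0.113.1")
    lns = Lns("198.51.100.10", lns_replies_from_1701)
    outcome: Dict[str, Tuple[int, bool]] = {}
    for client_ip in clients:
        sccrq = Packet(client_ip, L2TP_PORT, lns.ip, L2TP_PORT, "SCCRQ")
        on_wire = nat.outbound(sccrq)
        sccrp = lns.handle(on_wire)
        delivered = nat.inbound(sccrp)
        ok = (delivered is not None and delivered.dst_ip == client_ip
              and delivered.dst_port == L2TP_PORT)
        outcome[client_ip] = (on_wire.src_port, ok)
    return outcome


if __name__ == "__main__":
    for keeps_1701 in (True, False):
        print("LNS replies from 1701:" if keeps_1701 else "LNS replies from a new port:")
        for client, (outside_port, ok) in run_tunnel_setup(keeps_1701).items():
            state = "SCCRP delivered" if ok else "SCCRP dropped by NAT"
            print(f"  {client} -> outside port {outside_port}: {state}")
```

Two things fall out of running it. With the LNS answering from 1701, both clients behind the same NAT get their replies even though both use inside port 1701, because the PAT gives the second client a different outside port (1024 here) and keys each flow separately; that is the "more than one client" case from the original post. With the LNS answering from a fresh port, neither reply matches a translation and the NAT drops both, which is the failure mode the reply describes.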


Re: L2TP tunnels

Cisco does not change the source port; you can change the source IP address via the config, but that's about it.

