L2TP Client-Initiated tunneling


I have an L2TPv2 client-peer that cannot build a L2TP tunnel with a remote L2TPv2 peer. The client-peer is located behind a cable-modem. This cable-modem may be doing PAT.

I think the problem is when the remote-peer attempts to respond to the client-initiated request.

Would NAT/PAT or an ISP block this traffic from building a tunnel? I thought L2TP used UDP (1710).

As always, thanks for your advice.


Re: L2TP Client-Initiated tunneling

Hello, Mike.

I don't know how it works under Cisco, but there is NAT-Traversal (I set it under Microsoft).

All the packets are encapsulated into UDP 4500 datagrams and flow through the NAT.

Usual NAT doesn't permit L2TP (UDP 1701), because NAT changes the IP header.

Also you should try PPTP/GRE - less secure, fewer problems :))

P.S. What do you use for encrypting the L2TP traffic?

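Added here as an illustration (not code from either poster): a small parser for the L2TPv2 control-message header (RFC 2661) plus a check over captured UDP/1701 payloads that reports whether the client's SCCRQ was ever answered with an SCCRP, which is the symptom above when NAT/PAT or the ISP drops the return traffic. The sample captures, the `build_control` helper and the `'out'`/`'in'` direction labels are constructed for this example, not taken from the poster's network.

```python
import struct

MSG_TYPES = {1: "SCCRQ", 2: "SCCRP", 3: "SCCCN", 4: "StopCCN", 6: "HELLO"}

def parse_l2tpv2(payload: bytes) -> dict:
    """Parse an L2TPv2 header; for control messages also read the Message Type AVP (first AVP)."""
    flags = struct.unpack("!H", payload[:2])[0]
    if (flags & 0x000F) != 2:
        raise ValueError("not an L2TPv2 header")
    info = {"control": bool(flags & 0x8000)}
    pos = 2
    if flags & 0x4000:                       # L bit: Length field present
        info["length"] = struct.unpack("!H", payload[pos:pos + 2])[0]
        pos += 2
    info["tunnel_id"], info["session_id"] = struct.unpack("!HH", payload[pos:pos + 4])
    pos += 4
    if flags & 0x0800:                       # S bit: Ns/Nr present (always on control messages)
        info["ns"], info["nr"] = struct.unpack("!HH", payload[pos:pos + 4])
        pos += 4
    if flags & 0x0200:                       # O bit: Offset Size, then padding
        pos += 2 + struct.unpack("!H", payload[pos:pos + 2])[0]
    if info["control"]:
        avp_flags, vendor, attr = struct.unpack("!HHH", payload[pos:pos + 6])
        if vendor != 0 or attr != 0 or (avp_flags & 0x03FF) < 8:
            raise ValueError("first AVP is not Message Type")
        mtype = struct.unpack("!H", payload[pos + 6:pos + 8])[0]
        info["message_type"] = MSG_TYPES.get(mtype, f"type {mtype}")
    return info

def build_control(mtype: int, tunnel_id: int, ns: int, nr: int) -> bytes:
    """Constructed helper: minimal control message (T, L, S set) carrying only the Message Type AVP."""
    avp = struct.pack("!HHHH", 0x8000 | 8, 0, 0, mtype)   # M bit set, AVP length 8
    hdr = struct.pack("!HHHHHH", 0xC802, 12 + len(avp), tunnel_id, 0, ns, nr)
    return hdr + avp

def tunnel_setup_status(packets) -> str:
    """packets: (direction, udp_payload) pairs with direction 'out' or 'in' relative to the client.
    Reports whether the client's SCCRQ was ever answered with an SCCRP."""
    seen = {(d, parse_l2tpv2(p).get("message_type")) for d, p in packets}
    if ("out", "SCCRQ") not in seen:
        return "no SCCRQ sent"
    if ("in", "SCCRP") in seen:
        return "SCCRP received: tunnel setup reached the remote peer and back"
    return "SCCRQ sent but no SCCRP returned: suspect NAT/PAT or filtering of UDP 1701"

# Constructed captures: a healthy exchange, and the poster's symptom (retransmitted SCCRQs, nothing back).
HEALTHY = [("out", build_control(1, 0, 0, 0)), ("in", build_control(2, 7, 0, 1))]
NAT_BLOCKED = [("out", build_control(1, 0, 0, 0))] * 3
```

Feed it the UDP payloads from a capture taken on the client side of the cable-modem; if the result is the "no SCCRP returned" case while the remote peer logs a received SCCRQ, the reply is being dropped on the way back.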
Re: L2TP Client-Initiated tunneling

We're not encrypting any of the data. I believe one of the other net-admins designed it this way for the authentication.

We're using PPP with the L2TP tunnel. This allows us to use usernames and passwords with a RADIUS server.

The authentication is great. But the data isn't encrypted.


