Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
444
Views
5
Helpful
5
Replies

about L2TP

hsasaki_cert
Level 1
Level 1

‎08-10-2006 05:37 PM

Dear Sirs,

Please teach L2TP.

It thinks about the design with L2TP.

A in case of three sites, Headquarters(HQ), Branch1(B1) and Branch2(B2).

B1---HQ---B2

It is a star type.

At this time, is "B1---B2" possible?

It is a mesh type.

Best regards,

Labels:
0 Helpful
5 Replies 5

globalnettech
Level 5
Level 5

‎08-11-2006 12:08 AM

Hello,

are you saying that your current setup is a hub (HQ) and spoke (B1 and B2 as spokes) configuration, and that now you want to make it a meshed configuration, by adding a L2TP tunnel between B1 and B2 ?

Regards,

GNT

0 Helpful

hsasaki_cert
Level 1
Level 1
In response to globalnettech

‎08-11-2006 01:33 AM

yes, Is it possible?

0 Helpful

globalnettech
Level 5
Level 5
In response to hsasaki_cert

‎08-11-2006 02:10 AM

Hello,

the config for the L2TP tunnel between B1 and B2 should look like this (the IP addresses are arbitrary, make sure you use those you have configured between B1 and B2):

B1

username B1 password 0 123456

username B2 password 0 123456

!

vpdn enable

!

vpdn-group 1

request-dialin

protocol l2tp

domain yourdomain.com

initiate-to ip 192.168.1.2

local name B1

B2

username B1 password 0 123456

username B2 password 0 123456

!

vpdn enable

!

vpdn-group 1

request-dialin

protocol l2tp

domain yourdomain.com

initiate-to ip 192.168.1.1

local name B2

Regards,

GNT

ilya.varlashkin
Level 3
Level 3
In response to globalnettech

‎08-15-2006 05:25 AM

GNT,

wouldn't that configuration just prepare L2TP tunnel setup but actually do nothing until somebody calls router B1 (by whatever means that will end them up in vpdn-group) and then all they'll get is being L2TP tunneled to B1 and getting IP-layer connection from B1. Even if that is what needs to be achieved (strange), looks like there's race condition - vpdn configuration on each server doesn't accept any connection but only initiates and both are for the same domain.

0 Helpful

ilya.varlashkin
Level 3
Level 3

‎08-15-2006 05:30 AM

if you want communication between B1 and B2 to logically be direct (although it will still have to pass via HQ as there's no other phisical way), then GRE tunnel seems to be more appropriate solution. With static GRE tunnels when you know IP address of the remote site in advance it's pretty simple and requires only specifying tunnel endpoints. It's however possible to make dynamic tunnel between B1 and B2 to come up when traffic exceeds certain threshold.

0 Helpful
Customers Also Viewed These Support Documents