Method used to configure mutual access between remote clients of the L2TP VPN on the USG2000 and USG5000

The method used to configure mutual access between remote clients of the L2TP VPN on the USG2000 and USG5000 is as follows:

Problem description:
Simple networking:
(192.168.10.2) USG2000 (branch network 1) ---- USG5000 (HQ) ---- USG2000 (branch network 2) (192.168.157.1)

The address (192.168.10.2) of branch network 1 can be successfully pinged from the address (192.168.157.1) of branch network 2.

Implementation flow:
1. The key configuration is as follows:
Branch network 1:
interface Virtual-Template1
ppp authentication-mode chap
ppp chap user trustuser
ppp chap password cipher %$%$W#
ip address 10.12.1.33 255.255.255.0
call-lns local-user trustuser

l2tp-group 1
tunnel password cipher %$%$3"9D>p2p!0JS[T*E/71$]C:1%$%$
tunnel name trust
start l2tp ip 222.240.248.210 fullusername trustuser

ip route-static 192.168.148.0 255.255.255.0 10.12.1.1
ip route-static 192.168.157.0 255.255.255.0 10.12.1.5   // Route to branch network 2
ip route-static 192.168.173.0 255.255.255.0 10.12.1.1
ip route-static 192.168.174.0 255.255.255.0 10.12.1.1

Branch network 2:
interface Virtual-Template1
ppp authentication-mode chap
ppp chap user trustuser
ppp chap password cipher A!!
ip address 10.12.1.5 255.255.255.0
call-lns local-user trustuser

l2tp-group 1
tunnel password cipher -G=,LULZYDWJCK_%%<:`LQ!!
tunnel name trust
start l2tp ip 222.240.248.210 fullusername trustuser

ip route-static 0.0.0.0 0.0.0.0 218.76.73.1
ip route-static 192.168.10.0 255.255.255.0 10.12.1.33   // Route to branch network 1
ip route-static 192.168.148.0 255.255.255.0 10.12.1.1 track ip-link 1

HQ network: No additional route is required.
interface Virtual-Template2
ppp authentication-mode chap
ppp chap user trustuser
ppp chap password cipher A!!
ip address 10.12.1.1 255.255.255.0
remote address pool 2

l2tp-group 2
allow l2tp virtual-template 2 remote trust
tunnel password cipher -G=,LULZYDWJCK_%%<:`LQ!!
tunnel name trustlns
aaa
ip pool 2 10.12.1.60 10.12.1.254
ip route-static 192.168.157.0 255.255.255.0 10.12.1.5 track ip-link 18
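
As an added example (not from the original page or from the vendor), this Python check confirms that each branch's static routes send traffic for the other branch's LAN to the peer's Virtual-Template address. It uses longest-prefix matching, so a missing route that silently falls back to the default route is reported. The `SITES` layout and the function names are assumptions; the configuration lines are copied from the page.

```python
import ipaddress
import itertools
import re

ROUTE_RE = re.compile(r"^\s*ip route-static (\S+) (\S+) (\d+\.\d+\.\d+\.\d+)", re.M)
ADDR_RE = re.compile(r"^\s*ip address (\S+) (\S+)", re.M)

# Config lines copied from the page; the dict layout and "lan" keys are constructed.
SITES = {
    "branch1": {"lan": "192.168.10.0/24", "config": """
interface Virtual-Template1
 ip address 10.12.1.33 255.255.255.0
ip route-static 192.168.148.0 255.255.255.0 10.12.1.1
ip route-static 192.168.157.0 255.255.255.0 10.12.1.5
"""},
    "branch2": {"lan": "192.168.157.0/24", "config": """
interface Virtual-Template1
 ip address 10.12.1.5 255.255.255.0
ip route-static 0.0.0.0 0.0.0.0 218.76.73.1
ip route-static 192.168.10.0 255.255.255.0 10.12.1.33
"""},
}

def vt_address(config):
    """Return the Virtual-Template address as an IPv4Interface."""
    ip, mask = ADDR_RE.search(config).groups()
    return ipaddress.ip_interface(f"{ip}/{mask}")

def best_next_hop(config, dest_net):
    """Longest-prefix match of dest_net against the static routes; None if no route."""
    best = None
    for net, mask, hop in ROUTE_RE.findall(config):
        route = ipaddress.ip_network(f"{net}/{mask}")
        if dest_net.subnet_of(route) and (best is None or route.prefixlen > best[0].prefixlen):
            best = (route, ipaddress.ip_address(hop))
    return best[1] if best else None

def check_mutual_access(sites):
    """Return a list of problems; empty means both directions use the tunnel."""
    problems = []
    for (src, s), (dst, d) in itertools.permutations(sites.items(), 2):
        hop = best_next_hop(s["config"], ipaddress.ip_network(d["lan"]))
        want = vt_address(d["config"]).ip
        if hop != want:
            problems.append(f"{src}: traffic to {dst} LAN {d['lan']} goes to {hop}, expected {want}")
        elif hop not in vt_address(s["config"]).network:
            problems.append(f"{src}: next hop {hop} is outside its Virtual-Template subnet")
    return problems
```
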
