After the AR is configured with L2TP VPN, can clients use the same user name to access the network

A user successfully initiates L2TP dialup, but cannot access the private network. The possible causes are as follows: - The firewall is enabled on the intranet host. - The local and remote devices are on the same network segment. - The access address through L2TP dialup and LAN users are on the same network segment, and proxy ARP is not enabled. - The MTU on the virtual interface is incorrect. It is recommended that the MTU of the virtual interface plus all the header lengths should not exceed the MTU of the interface. Otherwise, packets will be discarded if some devices do not support fragmentation. - The MSS on the virtual interface is incorrect. Ensure that the MSS plus all the header lengths does not exceed the MTU. - LCP re-negotiation is not configured. - There are unreachable routes. - Tunnel authentication is not configured. - IPSec encryption is not configured and data flows do not match ACLs.

The same user name can be used to access the network. There is no limitation on the specification.

Yes. Only the traffic from users to intranet servers is transmitted by L2TP tunnels. Therefore, tunnels do not affect user access to the Internet.

The method used to configure mutual access between remote clients of the L2TP VPN on the USG2000 and USG5000 is as follows: Problem description: Simple networking: (192.168.10.2) USG2000 (branch network 1) USG5000 (HQ) USG2000 (branch network 2) (192.168.157.1) The address (192.168.10.2) of branch network 1 can be successfully pinged using the address (192.168.157.1) of branch network 2. Implementation flow: 1. The key configuration is as follows: Branch network 1: interface Virtual-Template1 ppp authentication-mode chap ppp chap user trustuser ppp chap password cipher %$%$W#p2p!0JS[T*E/71$]C:1%$%$ tunnel name trust start l2tp ip 222.240.248.210 fullusername trustuser ip route-static 192.168.148.0 255.255.255.0 10.12.1.1 ip route-static 192.168.157.0 255.255.255.0 10.12.1.5 Route to branch network 2 ip route-static 192.168.173.0 255.255.255.0 10.12.1.1 ip route-static 192.168.174.0 255.255.255.0 10.12.1.1 Branch network 2: interface Virtual-Template1 ppp authentication-mode chap ppp chap user trustuser ppp chap password cipher A!! ip address 10.12.1.5 255.255.255.0 call-lns local-user trustuser l2tp-group 1 tunnel password cipher -G=,LULZYDWJCK_%%<:`LQ!! tunnel name trust start l2tp ip 222.240.248.210 fullusername trustuser ip route-static 0.0.0.0 0.0.0.0 218.76.73.1 ip route-static 192.168.10.0 255.255.255.0 10.12.1.33 Route to branch network 1 ip route-static 192.168.148.0 255.255.255.0 10.12.1.1 track ip-link 1 HQ network: No additional route is required. interface Virtual-Template2 ppp authentication-mode chap ppp chap user trustuser ppp chap password cipher A!! ip address 10.12.1.1 255.255.255.0 remote address pool 2 l2tp-group 2 allow l2tp virtual-template 2 remote trust tunnel password cipher -G=,LULZYDWJCK_%%<:`LQ!! tunnel name trustlns aaa ip pool 2 10.12.1.60 10.12.1.254 ip route-static 192.168.157.0 255.255.255.0 10.12.1.5 track ip-link 18