How to identify mutual access between local VPNs


Mutual access between local VPNs is implemented by configuring the VPN targets of the VPN instances. To identify it, compare the VPN targets of the instances: if the VPN targets of the VPN instances are advertised (exported) and imported mutually, mutual access between the local VPNs is implemented.

For example:
#
ip vpn-instance vpna
ipv4-family
route-distinguisher 1000:1
vpn-target 1000:0 200:0 export-extcommunity
vpn-target 1000:0 200:0 import-extcommunity
#
ip vpn-instance vpnb
ipv4-family
route-distinguisher 200:2
vpn-target 200:0 1000:0 export-extcommunity
vpn-target 200:0 1000:0 import-extcommunity
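
The same check can be run over a saved configuration when auditing which VPN instances on a device can reach each other. The following Python sketch is an added example, not part of the original answer or of any Huawei tool: the function names and the `vpnc` instance are hypothetical, and it assumes a `vpn-target` line without a direction keyword applies in both directions. A pair is reported as mutual only when each side imports a target the other exports; a one-way result means routes leak in one direction only.

```python
from itertools import combinations

# Constructed input: vpna and vpnb are from the page; vpnc is hypothetical.
SAMPLE_CONFIG = """\
ip vpn-instance vpna
ipv4-family
route-distinguisher 1000:1
vpn-target 1000:0 200:0 export-extcommunity
vpn-target 1000:0 200:0 import-extcommunity
#
ip vpn-instance vpnb
ipv4-family
route-distinguisher 200:2
vpn-target 200:0 1000:0 export-extcommunity
vpn-target 200:0 1000:0 import-extcommunity
#
ip vpn-instance vpnc
ipv4-family
vpn-target 300:0 export-extcommunity
vpn-target 1000:0 import-extcommunity
"""
DIRECTIONS = {"both", "export-extcommunity", "import-extcommunity"}

def parse_vpn_targets(config):
    """Map each VPN instance name to its export and import VPN-target sets."""
    instances, current = {}, None
    for line in map(str.strip, config.splitlines()):
        if line.startswith("ip vpn-instance "):
            current = instances.setdefault(line.split()[2], {"export": set(), "import": set()})
        elif line == "#":
            current = None  # '#' ends the current configuration block
        elif current is not None and line.startswith("vpn-target "):
            tokens = line.split()[1:]
            # Assumption: no direction keyword means the targets apply both ways.
            direction = tokens.pop() if tokens[-1] in DIRECTIONS else "both"
            if direction != "import-extcommunity":
                current["export"].update(tokens)
            if direction != "export-extcommunity":
                current["import"].update(tokens)
    return instances

def classify_pairs(instances):
    """Label each pair 'mutual', 'one-way X->Y' (Y imports X's routes) or 'isolated'."""
    report = {}
    for a, b in combinations(sorted(instances), 2):
        fwd = instances[a]["export"] & instances[b]["import"]  # b imports a's routes
        rev = instances[b]["export"] & instances[a]["import"]  # a imports b's routes
        report[a, b] = ("mutual" if fwd and rev else f"one-way {a}->{b}" if fwd
                        else f"one-way {b}->{a}" if rev else "isolated")
    return report
```

Calling `classify_pairs(parse_vpn_targets(SAMPLE_CONFIG))` reports vpna and vpnb as mutual, and flags vpnc as importing routes from both without exporting anything they accept.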

Other related questions:
How to control mutual access between network segments
On AR routers, you can configure advanced ACLs and ACL-based traffic classifiers to control mutual access between users on different network segments.

Method used to configure mutual access between remote clients of the L2TP VPN on the USG2000 and USG5000
The method used to configure mutual access between remote clients of the L2TP VPN on the USG2000 and USG5000 is as follows:

Problem description:
Simple networking: (192.168.10.2) USG2000 (branch network 1) USG5000 (HQ) USG2000 (branch network 2) (192.168.157.1)
The address (192.168.10.2) of branch network 1 can be successfully pinged using the address (192.168.157.1) of branch network 2.

Implementation flow:
1. The key configuration is as follows:

Branch network 1:
interface Virtual-Template1
ppp authentication-mode chap
ppp chap user trustuser
ppp chap password cipher %$%$W#p2p!0JS[T*E/71$]C:1%$%$
tunnel name trust
start l2tp ip 222.240.248.210 fullusername trustuser
ip route-static 192.168.148.0 255.255.255.0 10.12.1.1
ip route-static 192.168.157.0 255.255.255.0 10.12.1.5 (Route to branch network 2)
ip route-static 192.168.173.0 255.255.255.0 10.12.1.1
ip route-static 192.168.174.0 255.255.255.0 10.12.1.1

Branch network 2:
interface Virtual-Template1
ppp authentication-mode chap
ppp chap user trustuser
ppp chap password cipher A!!
ip address 10.12.1.5 255.255.255.0
call-lns local-user trustuser
l2tp-group 1
tunnel password cipher -G=,LULZYDWJCK_%%<:`LQ!!
tunnel name trust
start l2tp ip 222.240.248.210 fullusername trustuser
ip route-static 0.0.0.0 0.0.0.0 218.76.73.1
ip route-static 192.168.10.0 255.255.255.0 10.12.1.33 (Route to branch network 1)
ip route-static 192.168.148.0 255.255.255.0 10.12.1.1 track ip-link 1

HQ network: No additional route is required.
interface Virtual-Template2
ppp authentication-mode chap
ppp chap user trustuser
ppp chap password cipher A!!
ip address 10.12.1.1 255.255.255.0
remote address pool 2
l2tp-group 2
allow l2tp virtual-template 2 remote trust
tunnel password cipher -G=,LULZYDWJCK_%%<:`LQ!!
tunnel name trustlns
aaa
ip pool 2 10.12.1.60 10.12.1.254
ip route-static 192.168.157.0 255.255.255.0 10.12.1.5 track ip-link 18
