Knowledge Search


What are the limitations to L2TP over IPSec?

  [KB7329] Show Article Properties

What are the limitations to L2TP over IPSec?
L2TP limitations

  1. Only IP protocol is supported.
  2. ScreenOS firewall will create/accept only one tunnel between one L2TP Access Client (LAC)-L2TP Network Server (LNS) pair.
  3. ScreenOS firewall will act as LNS only.
  4. NetScreen-Remote client acts as LAC.
  5. ScreenOS firewall will support incoming calls only.  Outgoing or bi-directional L2TP communications is not supported.
  6. L2TP will always use UDP port 1701.
  7. Multilink PPP is not supported
  8. Every user must have different IKE identity.  If multiple users share the same IKE identity, the dial-in user will negotiate the new IKE tunnel, and the previous IKE tunnel will be terminated.
  9. Each user can only be assigned to one encapsulation protocol (e.g. if a user is assigned to L2TP tunnel 1, he cannot be assigned to IKE dialup or other tunnels).
  10. PPP compression and L2TP header compression are not supported.
Note:  Also refer to limitations listed in the 'L2TP over IPsec' KB Articles: KB8536 - Configuring PPTP, IPSec pass-through or L2TP over IPSec solutions on a Juniper Firewall device.
Related Links: