Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

What are the limitations to L2TP over IPSec?

0

0

Article ID: KB7329 KB Last Updated: 22 Jun 2010Version: 6.0
Summary:
What are the limitations to L2TP over IPSec?
Symptoms:
L2TP limitations

Solution:
  1. Only IP protocol is supported.
  2. ScreenOS firewall will create/accept only one tunnel between one L2TP Access Client (LAC)-L2TP Network Server (LNS) pair.
  3. ScreenOS firewall will act as LNS only.
  4. NetScreen-Remote client acts as LAC.
  5. ScreenOS firewall will support incoming calls only.  Outgoing or bi-directional L2TP communications is not supported.
  6. L2TP will always use UDP port 1701.
  7. Multilink PPP is not supported
  8. Every user must have different IKE identity.  If multiple users share the same IKE identity, the dial-in user will negotiate the new IKE tunnel, and the previous IKE tunnel will be terminated.
  9. Each user can only be assigned to one encapsulation protocol (e.g. if a user is assigned to L2TP tunnel 1, he cannot be assigned to IKE dialup or other tunnels).
  10. PPP compression and L2TP header compression are not supported.
Note:  Also refer to limitations listed in the 'L2TP over IPsec' KB Articles: KB8536 - Configuring PPTP, IPSec pass-through or L2TP over IPSec solutions on a Juniper Firewall device.
Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search