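The following is a complete example of an L2TP configuration with multiple group and user profiles and a pool of logical interfaces for concurrent tunnel sessions. Three points to keep in mind when adapting it: the chap-secret and shared-secret values are shown in the $9$ format, which is reversible obfuscation rather than a one-way hash, so any file or output containing them should be handled as sensitive and the sample values should not be reused; traceoptions flag all traces every L2TP operation and is intended for troubleshooting rather than steady-state use; and L2TP with CHAP authenticates the peers but does not encrypt the tunneled traffic. The configuration is: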
- [edit access]
- address-pool customer_a {
- address 10.1.1.1/32;
- }
- address-pool customer_b {
- address-range low 10.2.2.1 high 10.2.3.2;
- }
- group-profile sunnyvale_users {
-
- ppp {
- framed-pool customer_a;
- idle-timeout 15;
- primary-dns 192.168.65.1;
- secondary-dns 192.168.65.2;
- primary-wins 192.168.65.3;
- secondary-wins 192.168.65.4;
- interface-id west;
- }
- }
- group-profile eastcoast_users {
-
- ppp {
- framed-pool customer_b;
- idle-timeout 20;
- primary-dns 192.168.65.5;
- secondary-dns 192.168.65.6;
- primary-wins 192.168.65.7;
- secondary-wins 192.168.65.8;
- interface-id east;
- }
- }
- group-profile sunnyvale_tunnel {
-
- l2tp {
- maximum-sessions-per-tunnel 100;
- interface-id west_shared;
- }
- }
- group-profile east_tunnel {
-
- l2tp {
- maximum-sessions-per-tunnel 125;
- interface-id east_shared;
- }
- }
- profile sunnyvale_bldg_1 {
-
- client white {
- chap-secret "$9$3s2690IeK8X7VKM7VwgaJn/Ctu1hclv87Ct87"; # SECRET-DATA
-
- ppp {
- idle-timeout 22;
- primary-dns 192.168.65.1;
- framed-ip-address 10.12.12.12/32;
- interface-id east;
- }
- group-profile sunnyvale_users;
- }
-
- client blue {
- chap-secret "$9$eq1KWxbwgZUHNdjqmTF3uO1Rhr-dsoJDNd"; # SECRET-DATA
- group-profile sunnyvale_users;
- }
- authentication-order password;
- }
- profile sunnyvale_bldg_1_tunnel {
-
- client test {
-
- l2tp {
- shared-secret "$9$r3HKvLg4ZUDkX7JGjif5p0BIRS8LN"; # SECRET-DATA
- maximum-sessions-per-tunnel 75;
- interface-id west_shared;
- ppp-authentication chap;
- }
- group-profile sunnyvale_tunnel;
- }
-
- client production {
-
- l2tp {
- shared-secret "$9$R2QErv8X-goGylVwg4jiTz36/t0BEleWFnRhrlXxbs2aJDHqf3nCP5"; # SECRET-DATA
- ppp-authentication chap;
- }
- group-profile sunnyvale_tunnel;
- }
- }
- [edit services]
- l2tp {
-
- tunnel-group finance-lns-server {
- l2tp-access-profile sunnyvale_bldg_1_tunnel;
- ppp-access-profile sunnyvale_bldg_1;
-
- local-gateway {
- address 10.1.117.3;
- }
- service-interface sp-1/3/0;
- receive-window 1500;
- maximum-send-window 1200;
- retransmit-interval 5;
- hello-interval 15;
- tunnel-timeout 55;
- }
-
- traceoptions {
- flag all;
- }
- }
- [edit interfaces sp-1/3/0]
- unit 0 {
- family inet;
- }
- unit 10 {
-
- dial-options {
- l2tp-interface-id foo-user;
- dedicated;
- }
- family inet;
- }
- unit 11 {
-
- dial-options {
- l2tp-interface-id east;
- dedicated;
- }
- family inet;
- }
- unit 12 {
-
- dial-options {
- l2tp-interface-id east;
- dedicated;
- }
- family inet;
- }
- unit 21 {
-
- dial-options {
- l2tp-interface-id west;
- dedicated;
- }
- family inet;
- }
- unit 30 {
-
- dial-options {
- l2tp-interface-id west_shared;
- shared;
- }
- family inet;
- }
- unit 40 {
-
- dial-options {
- l2tp-interface-id east_shared;
- shared;
- }
- family inet;
- }
The following example shows an L2TP redundancy configuration:
- interfaces {
-
- rsp0 {
-
- redundancy-options {
- primary sp-0/0/0;
- secondary sp-1/3/0;
- }
-
- unit 0 {
- family inet;
- }
-
- unit 11 {
-
- dial-options {
- l2tp-interface-id east_shared;
- shared;
- }
- family inet;
- }
- }
- }