08-04-2022 05:47 AM
Hi everyone,
How are you? I was wondering if it is possible to build a Layer2 Tunnel between IR829-1 and IR829-2 using Cellular. And if it is, would anyone be able to assist me in doing so?
Thank you very much
08-04-2022 08:31 AM - edited 08-04-2022 11:25 AM
I haven't tested this on an industrial router but, considering the topology below, you can try this config. It's very basic; just replace the WAN IPs with your cellular public IPs.
On R1
interface Tunnel1
 ip address 172.16.1.1 255.255.255.0
 tunnel source 1.1.1.1
 ! in your case it would be your cellular GW IP
 tunnel destination 2.2.2.2
!
crypto ikev2 keyring MYKEY
 peer R2
  address 2.2.2.2
  ! you should choose a better password
  pre-shared-key cisco
!
crypto ikev2 profile MYVPN
 authentication local pre-share
 authentication remote pre-share
 keyring local MYKEY
 match identity remote address 2.2.2.2 255.255.255.255
!
! tunnel protection takes an IPsec profile, so one is defined here to reference the IKEv2 profile (MYIPSEC is a placeholder name)
crypto ipsec profile MYIPSEC
 set ikev2-profile MYVPN
!
interface Tunnel1
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile MYIPSEC
!
pseudowire-class MYCLASS
 encapsulation l2tpv3
 ip local interface Tunnel1
!
interface GigabitEthernet0/0
 xconnect 172.16.1.2 1000 encapsulation l2tpv3 pw-class MYCLASS
!
Repeat the same on R2 with R1 addresses.
To verify:
show crypto session
show xconnect all
Hope this helps.
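An added example, not part of the original posts: a Python check that the R1 and R2 copies of the configuration above really mirror each other before they are pasted into the routers, and that the pre-shared key is not a short placeholder such as `cisco`. The template, the `parse` and `audit` names and the 20-character threshold are assumptions, and it assumes each router's tunnel source is a publicly reachable address with no NAT in between.

```python
import re

# Constructed template using the post's example addressing (not a full config).
TEMPLATE = """interface Tunnel1
 ip address {tun} 255.255.255.0
 tunnel source {wan}
 tunnel destination {peer_wan}
crypto ikev2 keyring MYKEY
 peer PEER
  address {peer_wan}
  pre-shared-key {psk}
interface GigabitEthernet0/0
 xconnect {peer_tun} {vc} encapsulation l2tpv3 pw-class MYCLASS
"""
PATTERNS = {
    "tun": r"^\s*ip address (\S+)",
    "src": r"^\s*tunnel source (\S+)",
    "dst": r"^\s*tunnel destination (\S+)",
    "key_peer": r"^\s*address (\S+)",
    "psk": r"^\s*pre-shared-key (\S+)",
    "xc_peer": r"^\s*xconnect (\S+) \d+ ",
    "vc": r"^\s*xconnect \S+ (\d+) ",
}
MIN_PSK_LEN = 20  # illustrative threshold (assumption), not a Cisco requirement

def parse(cfg):
    # Pull out the directives that have to agree between the two ends.
    found = {k: re.search(p, cfg, re.M) for k, p in PATTERNS.items()}
    missing = [k for k, m in found.items() if m is None]
    if missing:
        raise ValueError(f"missing directives: {missing}")
    return {k: m.group(1) for k, m in found.items()}

def audit(cfg_a, cfg_b):
    # Returns findings; an empty list means the two ends mirror each other.
    a, b = parse(cfg_a), parse(cfg_b)
    checks = [(a["vc"] == b["vc"], "xconnect VC IDs differ"),
              (a["psk"] == b["psk"], "pre-shared keys differ")]
    for name, me, peer in (("A", a, b), ("B", b, a)):
        checks += [
            (me["dst"] == peer["src"], f"{name}: tunnel destination != peer tunnel source"),
            (me["key_peer"] == me["dst"], f"{name}: keyring peer != tunnel destination"),
            (me["xc_peer"] == peer["tun"], f"{name}: xconnect peer != peer tunnel IP"),
            (len(me["psk"]) >= MIN_PSK_LEN, f"{name}: pre-shared key shorter than {MIN_PSK_LEN}"),
        ]
    return [msg for ok, msg in checks if not ok]
```

Render `TEMPLATE` once per router with `TEMPLATE.format(...)`, or pass the matching sections of each router's running config to `audit()`.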
08-04-2022 06:09 AM
If the xconnect command appears under the interface, then it can be configured.
08-04-2022 09:11 AM
If the routers support xconnect under gigaether, then yes, the config you shared is OK.
08-04-2022 04:44 PM
Thanks for the config and topology @ammahend and the confirmation @MHM Cisco World. When I get to work today, I will try the said topology and will update you two.
08-08-2022 11:03 PM
I managed to log in to both IR829 routers and configured them according to what you suggested @ammahend, and yup, it looks like the L2TP tunnel has been built. Thank you so much for that. I much appreciate your help and assistance.
According to your diagram, the 192.168.1.0/24 address is connected to Gi0 in my IR829. I am assuming that G0/0 is configured as an access port of some sort, since it can pass one network. Is it possible to have more than one network pass through that Layer 2 tunnel? That is, does Gi0/0 have some sort of QinQ functionality? (I just checked Gi0, and it looks like it cannot do any Layer 2 commands like "switchport type trunk".)
I saw "vlan-id dot1q 2000" and "vlan-range dot1q 2000 2001" etc. Are these commands ok to be used?
Thank you very much and I apologise for the bother as well
08-14-2022 05:26 PM
Hello everyone, I tried to connect a trunk port to the WLAN-Gi0 port on both ends, and it looks like traffic from different VLANs is being propagated, even without configuring the vlan-id or vlan-range.
Once again, thank you for the help and assistance @ammahend. I really appreciate it.
08-14-2022 05:45 PM
You are welcome